Added c...@panix.com -- if you want to re-submit this (and maybe not top post it) I will approve it...
Perry

On Tue, 17 Sep 2013 11:08:43 -0400 Carl Ellison <c...@panix.com> wrote:
> If you can examine your setup and determine all possible memory in
> the device, count that memory in bit-equivalents, and discover that
> the number of bits is small (e.g., <8), then you can apply Maurer's
> test:
>
> ftp://ftp.inf.ethz.ch/pub/crypto/publications/Maurer92a.pdf
>
>
> Of course, if you're concerned that someone has slipped you a CPU
> chip with a PRNG replacing the RNG, you can't detect that without
> ripping the chip apart.
>
> On 9/12/13 11:00 AM, "Perry E. Metzger" <pe...@piermont.com> wrote:
>
> >On Wed, 11 Sep 2013 17:06:00 -0700 Tony Arcieri <basc...@gmail.com>
> >wrote:
> >> It seems like Intel's approach of using thermal noise is fairly
> >> sound. Is there any reason why it isn't more widely adopted?
> >
> >Actually, I think things like this mostly have been missing
> >because manufacturers didn't understand they were important. Even
> >the Raspberry Pi now has an SoC with a hardware RNG.
> >
> >In addition to getting CPU makers to always include such things,
> >however, a second vital problem is how to gain trust that such RNGs
> >are good -- both that a particular unit isn't subject to a hardware
> >defect and that the design wasn't sabotaged. That's harder to do.
> >
> >Perry
> >--
> >Perry E. Metzger pe...@piermont.com
> >_______________________________________________
> >The cryptography mailing list
> >cryptography@metzdowd.com
> >http://www.metzdowd.com/mailman/listinfo/cryptography
>
>

--
Perry E. Metzger pe...@piermont.com
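
Added example, not part of the original thread: a minimal Python version of Maurer's universal test with 8-bit blocks, run on two constructed inputs. The function names, the seed and both sample sources are assumptions of this example; the seeded PRNG scoring as "ideal" illustrates the caveat quoted above that the test cannot tell a PRNG from a true RNG.

```python
import math
import random

# Mean and variance of log2(gap) for an ideal source, per block length L
# (tabulated constants published for Maurer's test).
IDEAL = {6: (5.2177052, 2.954), 7: (6.1962507, 3.125), 8: (7.1836656, 3.238)}


def maurer_statistic(blocks, L=8):
    """Return (fn, K): mean log2 distance back to the previous occurrence
    of each L-bit block, skipping the first Q = 10 * 2^L blocks."""
    Q = 10 * 2 ** L
    K = len(blocks) - Q
    if K <= 0:
        raise ValueError("need more than 10 * 2^L blocks")
    last = [0] * (2 ** L)            # last 1-based index of each block value
    total = 0.0
    for n, b in enumerate(blocks, start=1):
        if n > Q:                    # test segment: accumulate log2 of the gap
            total += math.log2(n - last[b])
        last[b] = n
    return total / K, K


def maurer_z(fn, K, L=8):
    """Standardized distance of fn from the ideal-source expectation."""
    mean, var = IDEAL[L]
    c = 0.7 - 0.8 / L + (4 + 32 / L) * K ** (-3 / L) / 15
    return (fn - mean) / (c * math.sqrt(var / K))


N = 10 * 256 + 256000                # Q + K blocks for L = 8


def prng_blocks(seed=2013):
    # Constructed input: a deterministic PRNG (Mersenne Twister), no entropy.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(N))


def cycling_blocks():
    # Constructed input: a defective source that cycles through 16 values.
    return bytes(i % 16 for i in range(N))


if __name__ == "__main__":
    for name, data in (("prng", prng_blocks()), ("cycling", cycling_blocks())):
        fn, K = maurer_statistic(data)
        print(f"{name}: fn={fn:.4f} z={maurer_z(fn, K):.1f}")
```

The cycling source lands at fn = 4.0 (every gap is 16 blocks), far below the ideal 7.18, so a gross hardware defect of that kind is caught; the PRNG output is not.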