On Wed, 20 Jun 2012, James A. Donald wrote:
> On 2012-06-19 9:07 AM, d...@deadhat.com wrote:
>> It does tell you that if it is your chip and you don't let
>> someone else pull the lid off, scrape off the passivation and apply a pico
>> probe to it, it will certainly provide you with good random numbers
>> regardless of the FIPS mode.
>
> I don't know that. Intel might have screwed up deliberately or
> unintentionally, or my particular chip might fail in a way that produces
> numbers that are non random, but, due to whitening, are non random in a way
> that only some people know how to detect.
>
> If Intel told me how it worked, and provided low level access to raw
> unwhitened output, I could find pretty good evidence that the low level
> randomness generator was working as described, and perfect evidence that the
> whitener was working as described. Certification does not tell me anything
> much.

One vague point, or at least vague to me (sigh :-/), on their chosen
entropy analysis was the reason given for the n-gram check length ranges.
The CRI analysis states that M$ said the n-grams given (lengths 1 to 4)
and the ranges of acceptable repeats of the n-grams within a 256-bit
sequence were based on empirical evidence. An Intel forum [1] said it was
based on a binomial distribution. It would seem important to understand
their statistical model behind sanity checking the es.
Cheers,
Andrew
[1] http://software.intel.com/en-us/forums/showthread.php?t=104200
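
The binomial reading mentioned in the message can be made concrete. The following is an added example, not part of the original post and not Intel's or CRI's actual thresholds: it derives an acceptance range for the count of one fixed n-bit pattern in a 256-bit sample and applies it to two constructed samples. The pattern set, the false-reject rate `alpha` and the independence approximation are assumptions of this sketch.

```python
from math import comb

SAMPLE_BITS = 256  # sample length named in the post

def acceptance_range(n, alpha=1e-4, sample_bits=SAMPLE_BITS):
    """Inclusive [lo, hi] count range for one fixed n-bit pattern.

    Assumed model: each of the sample_bits-n+1 overlapping windows is an
    independent Bernoulli(2**-n) trial. Overlapping windows are correlated,
    so this is an approximation; each tail is trimmed to at most alpha/2.
    """
    trials, p = sample_bits - n + 1, 2.0 ** -n
    pmf = [comb(trials, k) * p**k * (1 - p)**(trials - k)
           for k in range(trials + 1)]

    def trim(order):
        # Walk in from one end, discarding counts while the tail stays small.
        tail = 0.0
        for k in order:
            if tail + pmf[k] > alpha / 2:
                return k
            tail += pmf[k]

    return trim(range(trials + 1)), trim(range(trials, -1, -1))

def count_pattern(bits, pattern):
    """Count overlapping occurrences of pattern in a '0'/'1' string."""
    width = len(pattern)
    return sum(bits[i:i + width] == pattern
               for i in range(len(bits) - width + 1))

def health_check(bits, patterns=("1", "11", "111", "1111"), alpha=1e-4):
    """Return {pattern: (count, lo, hi, ok)}; the pattern set is assumed."""
    report = {}
    for pat in patterns:
        lo, hi = acceptance_range(len(pat), alpha, len(bits))
        count = count_pattern(bits, pat)
        report[pat] = (count, lo, hi, lo <= count <= hi)
    return report

if __name__ == "__main__":
    # Constructed samples: a stuck-at-0 source and a perfectly alternating one.
    samples = {"stuck-at-0": "0" * 256, "alternating": "01" * 128}
    for name, bits in samples.items():
        for pat, (count, lo, hi, ok) in health_check(bits).items():
            print(f"{name:12} {pat:5} count={count:3} range=[{lo},{hi}] "
                  f"{'ok' if ok else 'FAIL'}")
```

The alternating sample passes the single-bit count and fails every longer pattern, which is why a check of this kind looks at more than one n-gram length.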