At 05:13 PM 10/21/02 -0400, Tyler Durden wrote:
>
>So I guess the follow on question is: Even if you can look at the code
of a
>RNG...how easy is it to determine if its output is "usefully random",
or are
>there certain "Diffie-approved" RNGs that should always be there, and
if not
>something's up?
--
On 21 Oct 2002 at 10:21, Major Variola (ret) wrote:
> But no such "does it look random" test can tell good
> PRNG from TRNG. You must peek under the hood.
More generally, one can never know something is random merely
by looking at it, but only by knowing why it is random. One
must have bo
question is: Even if you can look at the code of a
RNG...how easy is it to determine if its output is "usefully random", or are
there certain "Diffie-approved" RNGs that should always be there, and if not
something's up?
From: "Major Variola (ret)" <[EMAIL PRO
At 07:40 PM 10/18/02 -0400, Tyler Durden wrote:
>Well,I disagree about psuedo random number generation, sort of.
>First, if I have PSR sequence of the known variety (ie, ANSI or ITU),
and if
>it's mapped to some telecom standard (DS-1/3, OC-3/12/48/192), then my
test
>set can and should be able to
[There's been some discussion of whether you can trust hardware crypto.]
At 11:54 AM 10/18/2002 -0400, Tyler Durden wrote:
OK...a follow up question (actually, really the same question in a
diferent form).
Let's say I had a crypto chip or other encryption engine, the code of
which I could not s
Intel is moving Security onto its Network processor chips...a quote also
follows.
http://www.lightreading.com/document.asp?site=lightreading&doc_id=22749
(Begin quote)
For now, Intel is tackling very high- and low-end systems. The IXP2850 is
derived from the IXP2800, which targets 10-Gbit/s l
On Thu, 17 Oct 2002, Tyler Durden wrote:
> If crypto is performed by hardware, how sure can users/designers be that it
> is truly secure (since one can't examine the code)?
Deterministic algorithms with known internal state and fed with same test
vectors generate exactly the same output as thei
On Thu, 17 Oct 2002, Tyler Durden wrote:
> If crypto is performed by hardware, how sure can users/designers be that it
> is truly secure (since one can't examine the code)? Is there any way to
> determine whether standard forms of encryption have been monkeyed with in
> some way (ie, to make those
> If crypto is performed by hardware, how sure can users/designers be
that it
> is truly secure (since one can't examine the code)?
I'm currently microprogramming the 2800, and have worked on a crypto
ASIC in Verilog.
Some comments, food for thought:
You *can* examine the code if the manufacturer