Re: Random Data from Geiger Counter

Mike Rosing (eresrch@msn.fullfeed.com)
Thu, 16 Jul 1998 09:14:04 -0500 (CDT)

• Next message: M Taylor: "Re: linux kernel loopback encryption"
• Previous message: Ulf Möller: "Re: linux kernel loopback encryption"
• In reply to: Oskar Pearson: "linux kernel loopback encryption"
• Next in thread: bram: "Re: Random Data from Geiger Counter"
• Reply: bram: "Re: Random Data from Geiger Counter"

On 16 Jul 1998, Cicero wrote:

> The reason that I advocate going with a PRNG is due to inadequacies in
> RNGs.

This argument is actually quite an old one. In one of Vincent's papers
from the 1970's he quotes from another paper of 1964 "no serious work
is done with hardware RNG's" (paraphrased here). Vincent then goes on
to show how to overcome the inadequacies.

> Even if I had a RNG whose manufacturer I trusted, how would I know it
> was not defective, or that the maker, though honest, had not erred
> either in design or in manufacture, or had degraded since manufacture?

Because you can test it continuously. In 1970 Herschell Murry pointed out
how to do this with a set of parallel random bit generators using any
noise source. He also points out the pit falls in the electronics which
the builder has to be aware of, the most important of which is "Employ
electromagnetic shielding".
 
> I can read the source for my software PRNG.

And I can read the source for my hardware RNG. Both can be tested the
same way. What do you do if your PRNG fails a test once? Chuck it?
or consider it a minor problem because you only saw it fail once?

> Using a RNG only, limits you to the strength of the RNG, which may be
> difficult to assess.

It's actually quite easy to check on a continuous basis. If it differs
from what you expect, you can halt it and check the electronics (or in a
cost critical situation just replace it).

Now don't get me wrong, PRNG are very important for crypto purposes. But
to say they can replace hardware RNG because you don't know what the RNG
is doing is complete fallacy with a long history of proof.

And speaking of history, it's back to the library for me. The Bell Sys.
Tech. J. of 1944 has a lot to say about "Mathematical analysis of random
noise".

Patience, persistence, truth,
Dr. mike

• Next message: M Taylor: "Re: linux kernel loopback encryption"
• Previous message: Ulf Möller: "Re: linux kernel loopback encryption"
• In reply to: Oskar Pearson: "linux kernel loopback encryption"
• Next in thread: bram: "Re: Random Data from Geiger Counter"
• Reply: bram: "Re: Random Data from Geiger Counter"