Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:05
mgraffam@idsi.net
Fri, 22 Jan 1999 18:40:52 -0500 (EST)
On Fri, 22 Jan 1999, bram wrote:
> > Doesn't seem to me that the new features are of much use to anyone. As
> > others have pointed out, it's quite difficult to assure oneself that the
> > RNG is true and not a fair PRNG in disguise.
>
> It doesn't really matter. As long as there's a way of querying the cpu to
> find out if it really is an RNG, your software is better off than it ever
> has been as far as accessing a 'true' source of entropy goes.
I disagree. It is no small matter. If the RNG in the P3 is just a PRNG,
one is far better off using a well understood, documented PRNG than
something held secretly in a P3. You may argue software problems, viruses,
etc.. This is easily defeated by appeal to a second machine.
Get a cheap 386 that runs your well-designed PRNG and spits bits out the
parallel port when a pin goes high. Simple, far less expensive than buying
a P3 just to have a secure computing platform, and one at least has
knowledge of the properties of the RNG.
> Remember that the 'entropyness' of the RNG is something the software must
> always simply trust
Yes, the software must .. but _YOU_ need not.
> I would much rather trust something documented as being an RNG than,
> for example, relying on the skew in hard drive accesses. Not only is it
> a much faster and more reliable source of entropy, it's also a lot less
> wear on the poor hard drive.
I'd rather have a box that sits on the parallel for generating random bits
myself. This way, I can dig into the thing and look into its theory of
operation. All I need for that is a screwdrive, maybe a maglite, and a
good HP calculator, and depending on how it works .. maybe my
some of my old notebooks or lab experiments from when I started learning
semiconductor electronics to jog my memory.
I'd trust that far more than some circuitry that I can neither see, check
or reverse engineer.
Personally, I have RSA keys that are worth more to me than Intel's word
or the P3 that it rides on.
Michael J. Graffam (mgraffam@idsi.net)
"Enlightenment is man's emergence from his self-incurred immaturity.
Immaturity is the inability to use one's own understanding without the
guidance of another. . .Sapere aude! Have the courage to use your own
understanding!" - Immanuel Kant "What is Enlightenment?"
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:05