Re: Remote Harware Key Generation?

David Honig (honig@sprynet.com)
Tue, 27 Apr 1999 09:11:30 -0700

• Next message: Daniel J. Frasnelli: "Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• Previous message: Mj Dascombe: "Re : Remore Hardware Key Generation"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"

At 08:58 PM 4/26/99 -0500, Mike Rosing wrote:
>
>On Mon, 26 Apr 1999, Mj Dascombe wrote:
>
>> I am a first year student at Manchest University. I have been following
>> the posts of the analysis the UNIX random function. Has it ever been
>> suggested that seperate hardware be used to generate the random bits
>> required for key generation. I created such a device using a FLIPFLOP
>> random bit circuit and a clock, attached to pin 2 of an RS232, wich
>> provided a terminal program with random characters. Would these characters
>> not be random beyond question?
>
>No, you have to ask lots of questions. Run up about 10 MB and feed it
>to DIEHARD and see how it performs.

Of course, this will only show that the randoms are hashed before
being extracted. The random generator could be a prng with a fixed
key, and still pass!

You'll have to study the entropy generated by your physical device, etc.

Demonstrate to a *skeptic* that the device is random. Where does
the uncertainty come in? How would you know if it broke?

Another pointer: Read RFC 1750.

• Next message: Daniel J. Frasnelli: "Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• Previous message: Mj Dascombe: "Re : Remore Hardware Key Generation"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"