[146978] in cryptography@c2.net mail archive
Re: [Cryptography] Random number generation influenced, HW RNG
daemon@ATHENA.MIT.EDU (John Kelsey)
Tue Sep 10 16:07:03 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <522EBC76.2090704@iang.org>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Tue, 10 Sep 2013 15:59:38 -0400
To: ianG <iang@iang.org>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Sep 10, 2013, at 2:30 AM, ianG <iang@iang.org> wrote:
> The question of whether one could simulate a raw physical source is tantalising. I see diverse opinions as to whether it is plausible, and thinking about it, I'm on the fence.
I don't think simulating a physical source is itself a big challenge. People simulate complicated probabilistic behavior all the time. The challenge is going to be sticking it into the chip in a way that doesn't show up when the chip is taken apart in a lab.
How can we design the whole system so that some compromised or flawed pieces don't wreck us? I don't know how to ensure my chip's hardware RNG isn't hacked, but I have some hope of working out a design that will be robust even if it is hacked.
--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography