[147064] in cryptography@c2.net mail archive
Re: [Cryptography] Radioactive random numbers
daemon@ATHENA.MIT.EDU (Marcus D. Leech)
Thu Sep 12 10:35:06 2013
Date: Wed, 11 Sep 2013 21:06:35 -0400
From: "Marcus D. Leech" <mleech@ripnet.com>
To: cryptography@metzdowd.com
In-Reply-To: <20130911191851.60487876@jabberwock.cb.piermont.com>
On 09/11/2013 07:18 PM, Perry E. Metzger wrote:
>
> The attraction of methods that use nothing but a handful of
> transistors is that they can be fabricated on chip and thus have
> nearly zero marginal cost. The huge disadvantage is that if your
> opponent can convince chip manufacturers to introduce small changes
> into their design, you're in trouble.
>
> Perry
And this is the reason that I'd be in favour of "diversity" -- using
sound cards, lava-lamps, etc, etc. Sources that don't explicitly
identify themselves as "the random number generator".
There's no way for a bad actor to cover "all the bases", and since these
things are primarily used for things other than random-number sources,
it may be hard to "break" them in ways that don't also break their
primary purpose (although, if you're just mucking with the low-order
"noise bits" of some arbitrarily-chosen digitization of a real-world
source, it would be hard to tell the difference).
--
Marcus Leech
Principal Investigator
Shirleys Bay Radio Astronomy Consortium
http://www.sbrac.org