[149157] in cryptography@c2.net mail archive
Re: [Cryptography] HSM's
daemon@ATHENA.MIT.EDU (ianG)
Tue Jan 21 02:51:14 2014
X-Original-To: cryptography@metzdowd.com
Date: Tue, 21 Jan 2014 09:26:21 +0300
From: ianG <iang@iang.org>
To: Bill Frantz <frantz@pwpconsult.com>
In-Reply-To: <r422Ps-1075i-CF71817E6C87459D9D3E871DDB5E77B3@Williams-MacBook-Pro.local>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 21/01/14 02:25 AM, Bill Frantz wrote:
> The RNGs will need to communicate with each other, or with a central
> trusted module to know that the MD of the random contribution has been
> committed by all the RNGs so they can safely release the random
> contribution.

I don't think it is necessary for the RNGs to audit their output.  It's
only necessary for the HSMs to audit the results.  The RNGs can be dumb.

I thought about that a little.  My musing at the time was that you could
avoid it by having a time-broadcast.  If the RNGs can deliver say 10k
per second, why not just have them do that?

Each RNG sends out a packet, one per cycle.  And for committing, each
packet can include the MD of the next packet.

OK, so this sets up a lot of complications for the HSMs that now have to
agree on the time-set of RNG output.  Maybe not worth it.

iang
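The commit-then-reveal chain sketched in the message above (dumb RNGs that broadcast one packet per cycle, each carrying the digest of what comes next; HSMs that audit the results), worked through as an added Python example that is not part of the thread. It assumes a hypothetical packet layout in which each packet commits to the digest of the next contribution rather than of the whole next packet (a simplification, since the next packet would itself contain a further digest), uses SHA-256 as the MD, and gives the HSM side one concrete policy: a contribution is pooled only if it matches the commitment received one cycle earlier, a source that breaks its chain is dropped, and a cycle yields a pooled value only when a quorum of sources verified. The `counter_draw` helper is a constructed deterministic source for demonstration only, standing in for `os.urandom`.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Hypothetical wire format: reveal this cycle's bytes, commit to next cycle's."""
    rng_id: str
    seq: int
    contribution: bytes   # random bytes for cycle `seq`
    next_digest: bytes    # SHA-256 of the contribution that cycle seq+1 will reveal


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def counter_draw(start: int) -> Callable[[], bytes]:
    """Constructed deterministic 'entropy' source, for demonstration and tests only."""
    box = [start]

    def draw() -> bytes:
        box[0] += 1
        return box[0].to_bytes(32, "big")
    return draw


class DumbRNG:
    """Producer: does no auditing, just emits one commit-then-reveal packet per cycle."""

    def __init__(self, rng_id: str, draw: Callable[[], bytes] = lambda: os.urandom(32)):
        self.rng_id = rng_id
        self.draw = draw
        self.seq = 0
        self.pending = draw()   # cycle-0 contribution; no receiver holds a commitment to it yet

    def emit(self) -> Packet:
        upcoming = self.draw()  # fix cycle seq+1 now, so the digest binds us before anyone sees it
        pkt = Packet(self.rng_id, self.seq, self.pending, digest(upcoming))
        self.pending, self.seq = upcoming, self.seq + 1
        return pkt


class SubstitutingRNG(DumbRNG):
    """Misbehaving producer: swaps its contribution after having committed to it."""

    def __init__(self, rng_id: str, cheat_at: int, **kw):
        super().__init__(rng_id, **kw)
        self.cheat_at = cheat_at

    def emit(self) -> Packet:
        if self.seq == self.cheat_at:
            self.pending = self.draw()   # no longer matches the digest sent last cycle
        return super().emit()


class HSMAuditor:
    """Consumer: accepts a contribution only if it matches the commitment received one cycle earlier."""

    def __init__(self):
        self.expected: Dict[str, bytes] = {}   # rng_id -> digest promised for the next reveal
        self.next_seq: Dict[str, int] = {}
        self.banned: set = set()
        self.rejected: List[Tuple[str, int, str]] = []

    def verify(self, pkt: Packet) -> Optional[bytes]:
        if pkt.rng_id in self.banned:
            self.rejected.append((pkt.rng_id, pkt.seq, "source previously failed audit"))
            return None
        if pkt.seq != self.next_seq.get(pkt.rng_id, 0):
            # a lost or replayed packet breaks the chain; the source must be re-enrolled
            self.rejected.append((pkt.rng_id, pkt.seq, "sequence gap or replay"))
            self.banned.add(pkt.rng_id)
            return None
        self.next_seq[pkt.rng_id] = pkt.seq + 1
        committed = self.expected.get(pkt.rng_id)
        self.expected[pkt.rng_id] = pkt.next_digest
        if committed is None:
            return None   # bootstrap packet: nothing was promised for it, so it is not used
        if hmac.compare_digest(committed, digest(pkt.contribution)):
            return pkt.contribution
        self.rejected.append((pkt.rng_id, pkt.seq, "reveal does not match commitment"))
        self.banned.add(pkt.rng_id)
        return None


def combine(contribs: Dict[str, bytes]) -> bytes:
    """Pool one cycle's verified contributions in a canonical order so every HSM agrees."""
    h = hashlib.sha256()
    for rng_id in sorted(contribs):
        h.update(rng_id.encode() + b"\x00" + contribs[rng_id])
    return h.digest()


def run_cycles(rngs: List[DumbRNG], auditor: HSMAuditor, cycles: int,
               quorum: Optional[int] = None) -> List[Optional[bytes]]:
    """Pooled value per cycle, or None when fewer than `quorum` sources verified."""
    quorum = len(rngs) if quorum is None else quorum
    out: List[Optional[bytes]] = []
    for _ in range(cycles):
        verified: Dict[str, bytes] = {}
        for pkt in [r.emit() for r in rngs]:
            c = auditor.verify(pkt)
            if c is not None:
                verified[pkt.rng_id] = c
        out.append(combine(verified) if len(verified) >= quorum else None)
    return out


if __name__ == "__main__":
    auditor = HSMAuditor()
    sources = [DumbRNG("a", draw=counter_draw(0)), SubstitutingRNG("c", 2, draw=counter_draw(100))]
    for i, v in enumerate(run_cycles(sources, auditor, 4)):
        print(i, None if v is None else v.hex()[:16])
    print(auditor.rejected)
```

Two things the run makes visible that the message only hints at. The first packet from every source is unverifiable, because nothing was committed to it, so the pool only starts one cycle late; and a source that substitutes a value after committing is caught immediately, but a source that simply withholds its packet (or whose packet is lost) cannot be told apart from one that is stalling, which is exactly the "agree on the time-set of RNG output" problem the HSMs are left with.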
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography