[4072] in cryptography@c2.net mail archive


Re: Intel announcements at RSA '99

daemon@ATHENA.MIT.EDU (Colin Plumb)
Tue Jan 26 16:26:40 1999

Date: Tue, 26 Jan 1999 13:59:24 -0700 (MST)
From: Colin Plumb <colin@nyx.net>
To: ben@algroup.co.uk, geer@world.std.com, honig@sprynet.com,
        jamesd@echeque.com
Cc: cryptography@c2.net


At 10:23 PM 1/25/99 -0800, James A. Donald wrote:
> If the random number generator is sufficiently simple and
> well understood, then the fact that it turns out random
> looking stuff is strong reason to believe that it is working
> as designed.
>
> If the random number generator elaborately massages its
> output, for example by running it through SHA, then it would
> be very difficult to determine that it is working as
> designed.

David Honig wrote:
> We seem to be calling for the raw bit stream to be accessible
> in addition to the conditioned result.  This (plus reverse
> engineering) would give some confidence.

> Is Intel listening?

Well, as I mentioned, I said so in fairly emphatic terms once already,
although I don't know whether such access was planned or if my comments
had any effect.  I'm having another, more detailed discussion with the
responsible designers on Thursday.  I'll have to find out what details
are okay to repeat here, but I can obviously discuss what I plan to
bring in.

My basic point is the same as the above: software can whiten the bit
stream just as easily as hardware, so including any such processing
in hardware is not a very valuable use of transistors.  However,
access to the unwhitened bitstream is essential for quality assurance
purposes.  Serious users need that to assess the quality of the random
numbers and, indeed, whether the generator has failed entirely.

If anyone would like to add the weight of their names to my discussion,
I'd be happy to include a list of people who agree with me.

Just send me some e-mail with
- Any contact information beyond name @ e-mail you want me to include
- Any amplification on my basic point that you'd like to include.
- A title, position, or similar brief statement of qualifications

Does that seem reasonable?
-- 
	-Colin

(I'm also curious what people think is a good rate.  I think we surprised
them by saying that one bit per second was adequate.  Anything more can
be generated by cryptographic means.)
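
An added illustration of the point made in this message (example code, not from the thread or from Intel): a constructed raw-source model, a chained SHA-256 whitening step assumed for the software side, and a minimal health check whose thresholds are illustrative rather than any standard's. The check flags a stuck or biased raw stream but passes the whitened output of the very same stream, which is why quality assurance needs the unwhitened bits.

```python
import hashlib
import random

# Constructed model of a raw hardware source: i.i.d. bits with P(1) = p_one,
# or a failed source that is stuck at one value.
def raw_bits(n, p_one=0.5, stuck=None, seed=1):
    if stuck is not None:
        return [stuck] * n
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def bytes_to_bits(data):
    return [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]

# Assumed software whitener: chain SHA-256 over 512-bit raw blocks and emit
# the 256-bit digest of each block. SHA-256 stands in for the "SHA" step
# the thread mentions; any cryptographic hash would behave the same way.
def whiten(bits):
    state, out = b"", []
    for i in range(0, len(bits) - 511, 512):
        state = hashlib.sha256(state + bits_to_bytes(bits[i:i + 512])).digest()
        out.extend(bytes_to_bits(state))
    return out

def longest_run(bits):
    best = cur = 1
    for a, b in zip(bits, bits[1:]):
        cur = cur + 1 if a == b else 1
        best = max(best, cur)
    return best

# Minimal health check: monobit bias and longest identical run.
# Thresholds are illustrative, not taken from any standard.
def health_check(bits, max_bias=0.1, max_run=34):
    bias = abs(sum(bits) / len(bits) - 0.5)
    run = longest_run(bits)
    return {"bias": bias, "longest_run": run,
            "ok": bias <= max_bias and run <= max_run}

if __name__ == "__main__":
    sources = [("fair", raw_bits(4096)),
               ("biased", raw_bits(4096, p_one=0.7)),
               ("stuck", raw_bits(4096, stuck=1))]
    for label, src in sources:
        print(label, "raw:", health_check(src),
              "whitened:", health_check(whiten(src)))
```

The stuck and biased sources fail on their raw bits yet pass once whitened, so a consumer who only sees the conditioned output cannot tell a dead generator from a healthy one.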

