[4080] in cryptography@c2.net mail archive
Re: Intel announcements at RSA '99
daemon@ATHENA.MIT.EDU (Colin Plumb)
Wed Jan 27 13:15:15 1999
Date: Tue, 26 Jan 1999 17:05:24 -0700 (MST)
From: Colin Plumb <colin@nyx.net>
To: colin@nyx.net, smb@research.att.com
Cc: ben@algroup.co.uk, cryptography@c2.net, geer@world.std.com,
honig@sprynet.com, jamesd@echeque.com
Message-Id: <199901262317.SAA12079@postal.research.att.com>
To: Colin Plumb <colin@nyx.net>
Cc: ben@algroup.co.uk, geer@world.std.com, honig@sprynet.com,
jamesd@echeque.com, cryptography@c2.net
Subject: Re: Intel announcements at RSA '99
Date: Tue, 26 Jan 1999 18:17:50 -0500
From: Steve Bellovin <smb@research.att.com>
Steve Bellovin wrote:
> What I was told at RSA was that the SHA-1 whitening was done by the driver.
> The driver (I think it was the driver, rather than the hardware) also does
> its own quality checks on the hardware RNG.
Ah, good, somebody at Intel gets the point.
>> (I'm also curious what people think is a good rate. I think we surprised
>> them by saying that one bit per second was adequate. Anything more can
>> be generated by cryptographic means.)
> I asked about speed; I was told that that isn't public yet. I do not
> agree that one bit per second is adequate. Apart from any question of
> the strength of the cryptographic RNG, it means that it would take many
> minutes to have enough entropy for even a single true-random DH exchange.
> Their own goal was "fast enough for IPSEC", which is not that fast, though
> more, I would guess, than your statement.
Yes, this is a number I do know (it came up in the same conversation),
and it's rather a lot more than 1 bit per second. :-)
But I still think that given a reasonable amount of seed material,
I can do cryptographic "reprocessing of spent fuel" basically forever
with good security. More is nice, but I do think that 1 bit per second
is all that is *necessary* for 95% of the benefit.
--
-Colin
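The two positions in the exchange above (a slow true-random source whose output is whitened and health-checked by software, versus a deterministic generator that "reprocesses" a small seed indefinitely) can be made concrete in code. What follows is an added illustration written for this archive page; it is not code from the thread, from Intel's driver, or from any product. The pool layout, the monobit threshold, the simulated raw sample and the choice of SHA-256 (the thread mentions SHA-1 whitening) are all assumptions made for the example. The generator follows the HMAC_DRBG structure from SP 800-90A in simplified form, used here only to show the "seed slowly, generate fast" pattern.

```python
"""Added example (not code from the thread or from Intel's driver): a slow raw
bit source feeds a hash-whitened pool that seeds a deterministic generator,
which then produces arbitrary amounts of output between reseeds.
Assumptions: SHA-256 as the whitening hash, a 5% monobit tolerance, and a
constructed raw sample standing in for hardware output."""
import hashlib
import hmac

# Constructed stand-in for 1024 bytes of raw hardware-RNG output (hash chain,
# so the example is deterministic and runs offline). Not real device data.
CONSTRUCTED_RAW = b"".join(
    hashlib.sha256(b"constructed raw sample %d" % i).digest() for i in range(32)
)


def monobit_ok(raw: bytes, tolerance: float = 0.05) -> bool:
    """Crude driver-side health check on raw (pre-whitening) bits: reject if the
    fraction of one-bits is far from 1/2, which catches a stuck or badly biased
    source. The tolerance is an assumption for this example, not a standard."""
    nbits = len(raw) * 8
    ones = sum(bin(b).count("1") for b in raw)
    return abs(ones / nbits - 0.5) <= tolerance


def seconds_to_collect(bits_needed: int, bits_per_second: float) -> float:
    """Time a source delivering bits_per_second takes to supply a seed of the
    given size; this is the delay Bellovin objects to for a true-random DH."""
    return bits_needed / bits_per_second


class WhitenedDRBG:
    """HMAC-based generator in the shape of HMAC_DRBG (K/V state, chained HMAC
    output, update after each call). Raw entropy is hashed before being mixed
    in, which is the 'whitening' step the thread attributes to the driver."""

    def __init__(self, raw_seed: bytes):
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self.reseed(raw_seed)

    def _update(self, data: bytes) -> None:
        self.K = hmac.new(self.K, self.V + b"\x00" + data, hashlib.sha256).digest()
        self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
        if data:
            self.K = hmac.new(self.K, self.V + b"\x01" + data, hashlib.sha256).digest()
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()

    def reseed(self, raw_entropy: bytes) -> None:
        """Whiten raw source bits with a hash, then mix them into the state."""
        self._update(hashlib.sha256(raw_entropy).digest())

    def generate(self, n: int) -> bytes:
        """Produce n bytes; the state is updated afterwards so that earlier
        output cannot be recovered from a later state compromise."""
        out = b""
        while len(out) < n:
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
            out += self.V
        self._update(b"")
        return out[:n]


def run_demo() -> dict:
    """Seed once from 160 raw bits gathered at 1 bit/s, then generate far more
    output than the source delivered; returns the numbers for inspection."""
    seed_bits = 160
    wait = seconds_to_collect(seed_bits, 1.0)          # 160 seconds at 1 bit/s
    raw_seed = CONSTRUCTED_RAW[: seed_bits // 8]        # 20 raw bytes
    drbg = WhitenedDRBG(raw_seed)
    stream = drbg.generate(1 << 20)                      # 1 MiB from 160 bits
    return {
        "raw_health_ok": monobit_ok(CONSTRUCTED_RAW),
        "seconds_to_seed": wait,
        "output_bytes": len(stream),
        "dh_1024_seconds": seconds_to_collect(1024, 1.0),
    }


if __name__ == "__main__":
    print(run_demo())
```

The numbers make the disagreement explicit: a 160-bit seed takes under three minutes at one bit per second, a 1024-bit true-random exponent takes about seventeen, and once seeded the generator produces a megabyte in milliseconds, which is the "reprocessing of spent fuel" Plumb describes. The monobit check shows the kind of raw-source test the driver can run before trusting a batch; a stuck source such as all-ones bytes fails it.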