Enzo Michelangeli (em@who.net)
Fri, 22 Jan 1999 19:55:46 +0800
-----Original Message-----
From: Alex Alten <Alten@Home.Com>
To: David R. Conrad <drc@adni.net>; Steve Bellovin <smb@research.att.com>
Cc: cryptography@c2.net <cryptography@c2.net>; CodherPlunks@toad.com
<CodherPlunks@toad.com>
Date: Friday, January 22, 1999 6:21 PM
Subject: Re: Intel announcements at RSA '99
>What is needed is a certification of the RNG. Like the NSA does for
>Fortezza cards (which contain an RNG). Otherwise the only other way
>is to do it yourself using RNG analysis software like Diehard.
Nope. Diehard (or ANY other test suite) analyzes the statistics, but cannot
measure a lower bound for entropy. It may tell you if the candidate RNG is
good for a Monte Carlo, not if it is cryptographically secure. This has been
said before, but needs to be reiterated.
Cheers --
Enzo
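
Added example, not part of the original message: a deterministic generator whose only secret is a 16-bit seed produces output that passes a monobit frequency test and a byte chi-square test, yet carries at most 16 bits of entropy. The generator construction (SHA-256 in counter mode), the function names and the seed value are assumptions chosen for illustration.

```python
import hashlib
import math

def stream(seed: int, nbytes: int) -> bytes:
    """Deterministic generator: SHA-256 in counter mode keyed only by a 16-bit seed."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block = seed.to_bytes(2, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:nbytes])

def monobit_p(data: bytes) -> float:
    """Frequency (monobit) test: p-value for the balance of one and zero bits."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def byte_chi2(data: bytes) -> float:
    """Chi-square statistic over byte values (255 degrees of freedom, mean 255)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def recover_seed(prefix: bytes) -> int:
    """Enumerate all 2**16 seeds: the whole stream is fixed by 16 bits of state."""
    for seed in range(1 << 16):
        if stream(seed, len(prefix)) == prefix:
            return seed
    raise ValueError("prefix was not produced by this generator")

if __name__ == "__main__":
    data = stream(0xBEEF, 1 << 16)  # constructed sample: 64 KiB from seed 0xBEEF
    print("monobit p-value:", round(monobit_p(data), 4))
    print("byte chi-square:", round(byte_chi2(data), 1))
    print("seed recovered from 16 output bytes:", hex(recover_seed(data[:16])))
```

The statistics describe the shape of the output only; the entropy bound comes from how the seed is produced, which no test on the output can observe.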