James A. Donald (jamesd@echeque.com)
Fri, 22 Jan 1999 08:43:44 -0800
--
>> Nope. Diehard (or ANY other test suite) analyzes the
>> statistics, but cannot measure a lower bound for entropy.
>> It may tell you if the candidate RNG is good for a
>> Monte Carlo, not if it is cryptographically secure. This
>> has been said before, but needs to be reiterated.
At 09:13 AM 1/22/99 -0600, Mike Rosing wrote:
>You mean upper bound?
He meant lower bound. A rigged or faulty RNG will have near
zero entropy.
> And what would convince you that a hardware RNG is
> cryptographically secure?
Knowledge of the underlying hardware, knowledge that shows it
derives its randomness from the fundamental randomness of the
universe, either thermal entropy (Johnson noise) or quantum
indeterminacy (shot noise), knowledge that enables us to
determine the good functioning of the underlying noise
amplification circuits from the character of the output.
A good circuit would simply directly amplify the underlying
noise source, so that the entropy of the output would be
somewhat less than one entropy bit per signal bit, thus
ensuring that any malfunction of the underlying circuit would
be obvious.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
hizPlIs94beL7QAh1UH+Wmg66usiFnkcWMQXrOTo
4ckMiYeogUWlZrYTD256gT0G4rAbJwjUQ1p6hS6Wm
-----------------------------------------------------
We have the right to defend ourselves and our property, because
of the kind of animals that we are. True law derives from this
right, not from the arbitrary power of the omnipotent state.
http://www.jim.com/jamesd/ James A. Donald
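
The point made in the message above, as an added example that is not part of the original post: a dead noise source is obvious when its raw output is tested, but invisible once a whitening stage sits in front of the tests. The `conditioned` whitening stage, the stuck-at-zero sample and the two statistics (monobit and byte chi-square, standing in for a full suite such as Diehard) are assumptions chosen for illustration.

```python
import hashlib
import math

def conditioned(raw: bytes, nbytes: int) -> bytes:
    """Hypothetical whitening stage: SHA-256 in counter mode over the raw sample."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(raw + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:nbytes])

def monobit_p(data: bytes) -> float:
    """Frequency (monobit) test p-value, as defined in NIST SP 800-22."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return math.erfc(abs(2 * ones - n) / math.sqrt(2 * n))

def byte_chi2(data: bytes) -> float:
    """Chi-square statistic of byte counts against uniform (255 degrees of freedom)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def looks_random(data: bytes) -> bool:
    # Loose pass band: the chi-square mean is 255, standard deviation about 22.6.
    return monobit_p(data) > 0.0001 and 150 < byte_chi2(data) < 400

# Constructed sample: a failed noise source whose output is stuck at zero.
STUCK_RAW = bytes(65536)

def demo() -> dict:
    hidden = conditioned(STUCK_RAW[:32], 65536)
    return {
        # Raw output of the dead source fails the statistics at once.
        "raw_looks_random": looks_random(STUCK_RAW),
        # The same dead source behind the whitening stage passes them.
        "conditioned_looks_random": looks_random(hidden),
        # Yet the stream is identical on every run: no entropy at all.
        "conditioned_repeatable": hidden == conditioned(STUCK_RAW[:32], 65536),
    }

if __name__ == "__main__":
    print(demo())
```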