Re: Intel announcements at RSA '99


mgraffam@idsi.net
Fri, 22 Jan 1999 18:40:52 -0500 (EST)


On Fri, 22 Jan 1999, bram wrote:

> > Doesn't seem to me that the new features are of much use to anyone. As
> > others have pointed out, it's quite difficult to assure oneself that the
> > RNG is true and not a fair PRNG in disguise.
>
> It doesn't really matter. As long as there's a way of querying the cpu to
> find out if it really is an RNG, your software is better off than it ever
> has been as far as accessing a 'true' source of entropy goes.

I disagree. It is no small matter. If the RNG in the P3 is just a PRNG,
one is far better off using a well understood, documented PRNG than
something held secretly in a P3. You may argue software problems, viruses,
etc. This is easily defeated by appeal to a second machine.

Get a cheap 386 that runs your well-designed PRNG and spits bits out the
parallel port when a pin goes high. Simple, far less expensive than buying
a P3 just to have a secure computing platform, and one at least has
knowledge of the properties of the RNG.

> Remember that the 'entropyness' of the RNG is something the software must
> always simply trust

Yes, the software must .. but _YOU_ need not.

> I would much rather trust something documented as being an RNG than,
> for example, relying on the skew in hard drive accesses. Not only is it
> a much faster and more reliable source of entropy, it's also a lot less
> wear on the poor hard drive.

I'd rather have a box that sits on the parallel for generating random bits
myself. This way, I can dig into the thing and look into its theory of
operation. All I need for that is a screwdriver, maybe a maglite, and a
good HP calculator, and depending on how it works .. maybe some of my old
notebooks or lab experiments from when I started learning semiconductor
electronics to jog my memory.

I'd trust that far more than some circuitry that I can neither see, check,
nor reverse engineer.

Personally, I have RSA keys that are worth more to me than Intel's word
or the P3 that it rides on.

Michael J. Graffam (mgraffam@idsi.net)
"Enlightenment is man's emergence from his self-incurred immaturity.
Immaturity is the inability to use one's own understanding without the
guidance of another. . .Sapere aude! Have the courage to use your own
understanding!" - Immanuel Kant "What is Enlightenment?"
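The point both posters circle, that testing the output cannot tell a hidden deterministic generator from a true one, as an added Python example that is not part of the original thread: a SHA-256 counter-mode stream from a fixed seed passes the NIST SP 800-22 monobit and runs tests just as os.urandom does, while only gross structure fails. combine_sources shows the usual mitigation, hashing the suspect source together with an independent one such as the second box on the parallel port. The seed, sample sizes and function names are constructed for this example.

```python
import hashlib
import math
import os


def sha256_counter_prng(seed: bytes, nbytes: int) -> bytes:
    """Deterministic 'PRNG in disguise': SHA-256 in counter mode over a fixed
    seed. Constructed stand-in for a hidden generator whose output looks random."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:nbytes])


def monobit_pvalue(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test p-value: bias of ones vs zeros."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_pvalue(data: bytes) -> float:
    """NIST SP 800-22 runs test p-value: number of 0/1 transitions in the stream."""
    bits = [(b >> i) & 1 for b in data for i in range(8)]
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # spec prerequisite: frequency must be sane
        return 0.0
    v_obs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def passes_tests(data: bytes, alpha: float = 0.01) -> bool:
    """True when neither test rejects the stream at significance level alpha."""
    return monobit_pvalue(data) >= alpha and runs_pvalue(data) >= alpha


def combine_sources(*sources: bytes) -> bytes:
    """Hash the suspect source together with independent ones (e.g. the second box
    on the parallel port): the output is as unpredictable as the best input."""
    return hashlib.sha256(b"".join(sources)).digest()


if __name__ == "__main__":
    hidden = sha256_counter_prng(b"constructed fixed seed", 4096)
    print("hidden PRNG passes:  ", passes_tests(hidden))           # indistinguishable
    print("os.urandom passes:   ", passes_tests(os.urandom(4096)))
    print("0xAA pattern passes: ", passes_tests(b"\xaa" * 4096))    # gross structure fails
    print("combined output:", combine_sources(hidden, os.urandom(32)).hex())
```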




The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:05