Date: Mon, 19 Jun 2000 18:49:11 +0300 From: Nimrod Mesika <nimrodme@bezeqint.net> To: Dag-Erling Smorgrav <des@flood.ping.uio.no>, freebsd-arch@freebsd.org Subject: Re: (2nd iteration) New /dev/(random|null|zero) - review, please Message-ID: <394E40F7.E39EDD6A@bezeqint.net> References: <200006051720.TAA18713@gratis.grondar.za> <393BEE84.BBAD3E82@vangelderen.org> <20000606160118.C3351@spirit.jaded.net> <xzpwvjlu9w5.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smorgrav wrote: > The idea of built-in hardware RNGs bothers me a little. How can the > manufacturer guarantee that all units are perfectly identical and > indistinguishable? Is it conceivable that a hardware RNG might leave > (be it by accident or by design) some kind of fingerprint in its You *always* run the output of any random number generator through some statistics tests (how many? depending on the level of security you want). If it fails - shut down the system. This is necessary even if you trust the device, as it may become biased (temperature?) or just plain broke (and all your security goes down with it...) -- Nimrod. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?394E40F7.E39EDD6A>