Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 19 Jun 2000 18:49:11 +0300
From:      Nimrod Mesika <nimrodme@bezeqint.net>
To:        Dag-Erling Smorgrav <des@flood.ping.uio.no>, freebsd-arch@freebsd.org
Subject:   Re: (2nd iteration) New /dev/(random|null|zero) - review, please
Message-ID:  <394E40F7.E39EDD6A@bezeqint.net>
References:  <200006051720.TAA18713@gratis.grondar.za> <393BEE84.BBAD3E82@vangelderen.org> <20000606160118.C3351@spirit.jaded.net> <xzpwvjlu9w5.fsf@flood.ping.uio.no>

next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smorgrav wrote:
> The idea of built-in hardware RNGs bothers me a little. How can the
> manufacturer guarantee that all units are perfectly identical and
> indistinguishable? Is it conceivable that a hardware RNG might leave
> (be it by accident or by design) some kind of fingerprint in its

You *always* run the output of any random number generator through some
statistics tests (how many? depending on the level of security you
want). If it fails - shut down the system.

This is necessary even if you trust the device, as it may become biased
(temperature?) or just plain broke (and all your security goes down with
it...)

-- Nimrod.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?394E40F7.E39EDD6A>