[cryptography] Intel RNG

coderman coderman at gmail.com
Tue Jun 19 22:35:03 EDT 2012


On Tue, Jun 19, 2012 at 1:54 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
> ... Just a sanity check that the output is
> actually changing once in a while would go a long way towards
> eliminating the most common failure modes.

On Tue, Jun 19, 2012 at 6:58 PM,  <dj at deadhat.com> wrote:
> ... Actually having a perfect source is a problem. It's much easier to
> test for a source with known defects that meet a well defined statistical
> model.

is there any literature on the typical failure modes of TRNG/entropy
sources in deployed systems?

my understanding is that they tend to fail catastrophically, in a way
easily detected by FIPS sanity checks. E.g. clearly broken.

is it exceedingly rare for subtle / increasing bias to occur due to
hardware failure or misuse in most designs? are there designs which
fail hard rather than fail silent when error is encountered?



More information about the cryptography mailing list