[cryptography] Random number generation influenced, HW RNG

James A. Donald jamesd at echeque.com
Sat Sep 7 18:34:53 EDT 2013

On 2013-09-08 3:48 AM, David Johnston wrote:
> Claiming the NSA colluded with intel to backdoor RdRand is also to 
> accuse me personally of having colluded with the NSA in producing a 
> subverted design. I did not.

Well, since you personally did this, would you care to explain the very 
strange design decision to whiten the numbers on chip, and not provide 
direct access to the raw unwhitened output.

A decision that even assuming the utmost virtue on the part of the 
designers, leaves open the possibility of malfunctions going undetected.

That is a question a great many people have asked, and we have not 
received any answers.

Access to the raw output would have made it possible to determine that 
the random numbers were in fact generated by the physical process 
described, since it is hard and would cost a lot of silicon to simulate 
the various subtle offwhite characteristics of a well described actual 
physical process.

More information about the cryptography mailing list