[cryptography] Random number generation influenced, HW RNG
James A. Donald
jamesd at echeque.com
Sun Sep 8 01:22:58 EDT 2013
On 2013-09-08 1:25 PM, Thor Lancelot Simon wrote:
>> Access to the raw output would have made it possible to determine
>> that the random numbers were in fact generated by the physical
>> process described, since it is hard and would cost a lot of silicon
>> to simulate the various subtle off-white characteristics of a well
>> described actual physical process.
> I am extremely skeptical of this claim.
Intel shows a circuit that should in theory output near random bits. If
the bits are actually coming from this circuit, we would expect to see
some long-term anticorrelation - an unusually long stream of zeros
should have a higher than random percent chance of being followed by an
unusually long stream of ones, and some short-term correlation - a zero
should have a higher than fifty percent chance of being followed by
another zero, and a lower than fifty percent chance of being followed by
If we don't see that, we are not getting the raw unwhitened output, or
there is no hardware true randomness for us to get.
Conversely, if we do see that, we can be pretty sure that the circuit
exists and is producing true randomness, though of course we don't know
if that true randomness is necessarily being fed into the whitener. But
then we don't need to use the output of the whitener, we can feed the
off-white output into a software whitener.
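
Added example, not part of the original post: a Python sketch of the short-term check described above (is a bit followed by the same bit more than half the time?) and of feeding off-white output into a software whitener. The bit source is a constructed simulation, not real hardware output; all function names, the 0.6 repeat probability and the choice of SHA-256 as whitener are assumptions, and the long-term anticorrelation is not modelled.

```python
import hashlib
import random

def simulated_raw_bits(n, p_same=0.6, seed=1):
    # Constructed sample data, not real hardware output: each bit repeats
    # the previous one with probability p_same (short-term correlation only).
    rng = random.Random(seed)
    bits = [rng.getrandbits(1)]
    for _ in range(n - 1):
        bits.append(bits[-1] if rng.random() < p_same else bits[-1] ^ 1)
    return bits

def repeat_fraction(bits):
    # Fraction of adjacent pairs in which a bit is followed by the same bit.
    # About 0.5 for whitened output, above 0.5 for the off-white source.
    same = sum(a == b for a, b in zip(bits, bits[1:]))
    return same / (len(bits) - 1)

def looks_unwhitened(bits, sigmas=6.0):
    # Flag a stream whose repeat fraction exceeds 0.5 by more than `sigmas`
    # standard deviations of a fair coin (sd = 0.5 / sqrt(pairs)).
    pairs = len(bits) - 1
    return repeat_fraction(bits) - 0.5 > sigmas * 0.5 / pairs ** 0.5

def software_whiten(bits, in_bits=512):
    # Compress each in_bits raw bits to 256 output bits with SHA-256;
    # a trailing partial chunk is discarded.
    out = []
    for i in range(0, len(bits) - in_bits + 1, in_bits):
        chunk = bits[i:i + in_bits]
        packed = int("".join(map(str, chunk)), 2).to_bytes(in_bits // 8, "big")
        digest = hashlib.sha256(packed).digest()
        out.extend((byte >> k) & 1 for byte in digest for k in range(7, -1, -1))
    return out

if __name__ == "__main__":
    raw = simulated_raw_bits(200_000)
    white = software_whiten(raw)
    print("raw:     ", round(repeat_fraction(raw), 4), looks_unwhitened(raw))
    print("whitened:", round(repeat_fraction(white), 4), looks_unwhitened(white))
```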