Port-amd64 archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Lightweight support for instruction RNGs



On Mon, Dec 21, 2015 at 09:28:40AM -0800, Alistair Crooks wrote:
> I think there's some disconnect here, since we're obviously talking
> past each other.
> 
> My concern is the output from the random devices into userland. I

Yes, then we're clearly talking past each other.  The "output from the
random devices into userland" is generated using the NIST SP800-90
CTR_DRBG.  You could key it with all-zeroes and the statistical properties
of the output would differ in no detectable way* from what you got if
you keyed it with pure quantum noise.

If you want to run statistical tests that mean anything, you need to
feed them input from somewhere else.  Feeding them the output of the
CTR_DRBG can be nothing but -- at best -- security theater.

 [*maybe some day we will have a cryptanalysis of AES that allows us to
   detect such a difference, but we sure don't now]

Thor


Home | Main Index | Thread Index | Old Index