Followup to: <200001260115.UAA08354@tsx-prime.MIT.EDU>
By author: "Theodore Y. Ts'o" <tytso@MIT.EDU>
In newsgroup: linux.dev.kernel
>
> P.S. If you look at the Jun and Kocher paper (thanks to Colin Plumb for
> giving me a pointer to it:
>
> http://developer.intel.com/design/security/rng/CRIwp.htm
>
> It's clear that there is a hardware whitener (a von Neumann bias
> eliminator) to remove 0 vs 1 biases. There are hints that it's
> possible to turn off the whitener, so that you get access to the raw
> stream of bits from the RNG before any whitening is done.
> Unfortunately, how to actually do this (probably some kind of debug
> mode) doesn't seem to be published anywhere. If any one knows how to do
> this, please let me know. Ideally, if the software is going to be doing
> real-time verification of the RNG's soundness, it should be doing so on
> the pre-whitened data stream. As an example, the following string of
> numbers is anything but random:
>
> 1 2 3 4 5 6 7 8 9 10
>
> However, if this is run through a MD5 or SHA whitener, the result would
> *look* random, even though the source material is anything but random.
> So you really want to look for patters and do any analysis on the raw
> data stream.
>
> So, if anyone can figure out (and tell me) how to turn off the 810's
> hardware whitener circuits, that would be really useful. Thanks!!
>
What a waste of transistors! The hardware whitener probably takes far
more transistors than the circuit itself, and it's not even a good
idea...
-hpa
-- <hpa@transmeta.com> at work, <hpa@zytor.com> in private! "Unix gives you enough rope to shoot yourself in the foot."- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:16 EST