Intel 810 Random Number Generator

H. Peter Anvin hpa at transmeta.com
Wed Jan 26 08:03:57 CST 2000


Followup to:  <200001260115.UAA08354 at tsx-prime.MIT.EDU>
By author:    "Theodore Y. Ts'o" <tytso at MIT.EDU>
In newsgroup: linux.dev.kernel
> 
> P.S.  If you look at the Jun and Kocher paper (thanks to Colin Plumb for
> giving me a pointer to it):
> 
> 	http://developer.intel.com/design/security/rng/CRIwp.htm
> 
> It's clear that there is a hardware whitener (a von Neumann bias
> eliminator) to remove 0 vs 1 biases.   There are hints that it's
> possible to turn off the whitener, so that you get access to the raw
> stream of bits from the RNG before any whitening is done.
> Unfortunately, how to actually do this (probably some kind of debug
> mode) doesn't seem to be published anywhere.  If anyone knows how to do
> this, please let me know.  Ideally, if the software is going to be doing
> real-time verification of the RNG's soundness, it should be doing so on
> the pre-whitened data stream.   As an example, the following string of
> numbers is anything but random:
> 
> 	1 2 3 4 5 6 7 8 9 10 
> 
> However, if this is run through an MD5 or SHA whitener, the result would
> *look* random, even though the source material is anything but random.
> So you really want to look for patterns and do any analysis on the raw
> data stream.
> 
> So, if anyone can figure out (and tell me) how to turn off the 810's
> hardware whitener circuits, that would be really useful.  Thanks!!
> 

What a waste of transistors!  The hardware whitener probably takes far
more transistors than the circuit itself, and it's not even a good
idea...

	-hpa
-- 
<hpa at transmeta.com> at work, <hpa at zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo at vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
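
Added example, not part of the original message or of any kernel code: the quoted point that a hash whitener makes a non-random source look random, shown with a monobit check on a constructed counter stream before and after SHA-256 whitening, next to the von Neumann rule the quoted text names. The function names, the 32-byte block size, the 0.02 tolerance and the choice of SHA-256 as the "SHA" are assumptions of this sketch.

```python
import hashlib
import struct

def bits(data):
    """Unpack bytes into a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def ones_fraction(bit_stream):
    """Monobit statistic: share of 1 bits (about 0.5 for a sound source)."""
    return sum(bit_stream) / len(bit_stream)

def monobit_ok(bit_stream, tolerance=0.02):
    """Crude health check; the tolerance is an assumption for this sample size."""
    return abs(ones_fraction(bit_stream) - 0.5) <= tolerance

def von_neumann(bit_stream):
    """Von Neumann bias eliminator: 01 -> 0, 10 -> 1, 00 and 11 are dropped."""
    pairs = zip(bit_stream[0::2], bit_stream[1::2])
    return [a for a, b in pairs if a != b]

def hash_whiten(data, block=32):
    """Hash whitener: replace each input block with its SHA-256 digest."""
    return b"".join(hashlib.sha256(data[i:i + block]).digest()
                    for i in range(0, len(data), block))

def counter_source(n=1024):
    """Constructed non-random source: the integers 1..n as 32-bit words."""
    return b"".join(struct.pack(">I", i) for i in range(1, n + 1))

if __name__ == "__main__":
    raw = counter_source()
    white = hash_whiten(raw)
    vn = von_neumann(bits(raw))
    for name, stream in (("raw", bits(raw)), ("sha256", bits(white)),
                         ("von Neumann", vn)):
        print(f"{name:12s} bits={len(stream):6d} "
              f"ones={ones_fraction(stream):.4f} ok={monobit_ok(stream)}")
```

The raw counter fails the check while its hashed form passes, which is why a soundness test placed after the whitener says nothing about the source.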


