From: jim bell <jimbell@pacifier.com>
Date: Mon, 25 Nov 1996 21:04:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: market for hardware RNG?
Message-ID: <199611260503.VAA27444@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm considering building a PCB to make a hardware random number generator.  
My first impression is that it will consist of a reverse-biased zener (for a 
broadband source of uncorrelated white noise) driving one of those one-chip 
FM recivers, with the audio output driving an 8-10 bit flash A/D convertor.  
Fairly simple.  For cryptologic applications, the output would have to be 
hashed down to a somewhat smaller output of bits since not all outputs are 
equally probable, but I suppose after such massaging it could produce at 
least 2 bits of randomness per sample at a 10 kilosamples per second or so, 
possibly much more with a wideband receiver chip.

But on thinking about this a little more, I began to wonder if anybody 
really wants this.  Pessimistically, it occurs to me that:

1.  Many if not most people don't even understand why a hardware RNG is 
desirable.

2.  Users of programs like PGP today already get at least a fairly decent 
RNG already.  Would they want better?  (I'm not suggesting a total 
replacement; I assume that the output of any hardware RNG would be hashed 
with more "traditional" PC sources, like disk timings, keyboard timings, 
etc, which should deter attempts to attack just the hardware part.)

3.    Even hardware RNG's aren't "perfect":  they could be subverted, 
replaced, or perhaps influenced.  Would someone who was sufficiently 
sophisticated as to recognize the need for it actually accept a real, 
functioning device?


On the other hand... if this kind of pessimism had infected Phil Zimmermann 
before he wrote PGP 1.0, he might have deleted the first 50 lines of code, 
erased the file, and said, "fuck it!"





Jim Bell
jimbell@pacifier.com