From: jim bell <jimbell@pacifier.com>
To: cypherpunks@toad.com
Message Hash: 481324895601eb0da1de8b7f340fd3ed3bc9adad9465d3d3111c26fa40d7998f
Message ID: <199611260503.VAA27444@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-11-26 05:04:03 UTC
Raw Date: Mon, 25 Nov 1996 21:04:03 -0800 (PST)
From: jim bell <jimbell@pacifier.com>
Date: Mon, 25 Nov 1996 21:04:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: market for hardware RNG?
Message-ID: <199611260503.VAA27444@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
I'm considering building a PCB to make a hardware random number generator.
My first impression is that it will consist of a reverse-biased zener (for a
broadband source of uncorrelated white noise) driving one of those one-chip
FM recivers, with the audio output driving an 8-10 bit flash A/D convertor.
Fairly simple. For cryptologic applications, the output would have to be
hashed down to a somewhat smaller output of bits since not all outputs are
equally probable, but I suppose after such massaging it could produce at
least 2 bits of randomness per sample at a 10 kilosamples per second or so,
possibly much more with a wideband receiver chip.
But on thinking about this a little more, I began to wonder if anybody
really wants this. Pessimistically, it occurs to me that:
1. Many if not most people don't even understand why a hardware RNG is
desirable.
2. Users of programs like PGP today already get at least a fairly decent
RNG already. Would they want better? (I'm not suggesting a total
replacement; I assume that the output of any hardware RNG would be hashed
with more "traditional" PC sources, like disk timings, keyboard timings,
etc, which should deter attempts to attack just the hardware part.)
3. Even hardware RNG's aren't "perfect": they could be subverted,
replaced, or perhaps influenced. Would someone who was sufficiently
sophisticated as to recognize the need for it actually accept a real,
functioning device?
On the other hand... if this kind of pessimism had infected Phil Zimmermann
before he wrote PGP 1.0, he might have deleted the first 50 lines of code,
erased the file, and said, "fuck it!"
Jim Bell
jimbell@pacifier.com
Return to November 1996
Return to “Paul Pomes <ppomes@Qualcomm.com>”