From: “Matthew J. Miszewski” <mjmiski@execpc.com>
To: jimbell@pacifier.com>
Message Hash: 7cfa8e11ef068af1a8df5870c7a48d6c3d4b2d3d5e4b63f689f1355a1c67da0e
Message ID: <199611261813.MAA11361@mail.execpc.com>
Reply To: N/A
UTC Datetime: 1996-11-26 18:13:40 UTC
Raw Date: Tue, 26 Nov 1996 10:13:40 -0800 (PST)
Subject: Re: market for hardware RNG?
> But on thinking about this a little more, I began to wonder if anybody
> really wants this. Pessimistically, it occurs to me that:
>
> 1. Many if not most people don't even understand why a hardware RNG is
> desirable.

While your potential market is small, it is dedicated. Developers of
crypto products are always looking for good random sources. People
that really NEED more reliable sources of random bits are willing to
pay for them. I don't think your market will be end users. But a
little market research should turn up a healthy margin for you.

> 2. Users of programs like PGP today already get at least a fairly decent
> RNG already. Would they want better? (I'm not suggesting a total
> replacement; I assume that the output of any hardware RNG would be hashed
> with more "traditional" PC sources, like disk timings, keyboard timings,
> etc, which should deter attempts to attack just the hardware part.)

Why would you hash good RNG output? I understand your desire to
deter hardware-only attacks. I just think it might be an
overreaction. Of course mine could be an under-reaction 8-)

>
> 3. Even hardware RNG's aren't "perfect": they could be subverted,
> replaced, or perhaps influenced. Would someone who was sufficiently
> sophisticated as to recognize the need for it actually accept a real,
> functioning device?

It would have to go through rigorous testing in the crypto community.
RNGs v. PRNGs goes through a yearly debate here on cpunks. There
have been some good discussions on the use of white noise and other
potential hardware sources. I'm not sure if hks is back up or not,
but you might look there.

If an independent entity could certify the product with a good
reputation for dedication to the community, you would get much
mileage. PGP, Inc. might be interested for instance. I mean I have
used PGP for years but have not had the time to go through the code,
etc. I trust it because Phil's reputation precedes him.

> On the other hand... if this kind of pessimism had infected Phil Zimmermann
> before he wrote PGP 1.0, he might have deleted the first 50 lines of code,
> erased the file, and said, "fuck it!"

Go for it, Jim. I would be happy to support you in any way I could.
Let me know. It sounds like a good idea.

>
> Jim Bell
> jimbell@pacifier.com

Matt
_________________________________________________________________________
Matthew J. Miszewski | <mjmiski@execpc.com>
Practice Crypto Civil Disobedience | Export your favorite Cryptosystem
-------------------------------------------------------------------------
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
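
The mixing raised in point 2 of the quoted message (hashing hardware RNG output together with disk and keyboard timings), sketched as an added example that is not part of the original message or of PGP's code. SHA-256, the length-prefixed framing, the stuck-output check and every sample value are assumptions constructed for illustration.

```python
import hashlib
import struct

def mix_sources(samples):
    """Hash labelled entropy samples into one 32-byte seed.

    samples: list of (label, bytes). Every field is length-prefixed, so
    shifting bytes from one source to its neighbour changes the hash input.
    """
    h = hashlib.sha256()
    for label, data in samples:
        name = label.encode("ascii")
        h.update(struct.pack(">H", len(name)) + name)
        h.update(struct.pack(">I", len(data)) + data)
    return h.digest()

def pack_timings(deltas_us):
    """Serialise inter-event timings (microseconds) as 32-bit big-endian."""
    return b"".join(struct.pack(">I", d & 0xFFFFFFFF) for d in deltas_us)

def stuck_source(data, cutoff=8):
    """Simple repetition check: True if a byte repeats `cutoff` times in a row."""
    run = 1
    for prev, cur in zip(data, data[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return True
    return False

# Constructed sample inputs (not measurements from any real device).
HW_GOOD = bytes.fromhex("9f3c71e20b5da844c1067e93f2185b6d")
HW_SUBVERTED = bytes(16)                     # device forced to emit zeros
DISK_US = [8123, 7990, 8342, 8057, 8211]     # disk access timings
KEYS_US_A = [104233, 98710, 151902, 87345]   # keystroke gaps, session A
KEYS_US_B = [104233, 98711, 151902, 87345]   # differs by one microsecond

def seed(hw, keys):
    """Combine the hardware bytes with the 'traditional' PC timing sources."""
    return mix_sources([("hwrng", hw),
                        ("disk", pack_timings(DISK_US)),
                        ("keyboard", pack_timings(keys))])

if __name__ == "__main__":
    print("subverted hw flagged:", stuck_source(HW_SUBVERTED))
    print("seed A:", seed(HW_SUBVERTED, KEYS_US_A).hex())
    print("seed B:", seed(HW_SUBVERTED, KEYS_US_B).hex())
```

With the hardware bytes fixed at a known value, the two seeds still differ, so predicting the seed requires the timing samples as well as the device output.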