On Tue, Nov 25, 2008 at 9:12 AM, Eugen Leitl <eugen@leitl.org> wrote:
... Of course you can whiten a RNG with, say a block cipher like AES.
it is useful to whiten and/or mask any potential bias of the entropy source with a run through a cipher or digest. it's important to note that you should be verifying entropy before this step (FIPS sanity checks), otherwise your RNG could be highly biased and you'd not notice from the whitened, masked output.
is raised, if it was truly an RNG then it wouldn't be necessary to mix the outputs from two laser assemblies.
No idea about that. Analog whitening, possibly?
there are two schools of hardware entropy harvesting thought:

- use a von Neumann whitener to distill the raw entropy into a high quality, low (single bit) bias source. this will also cut throughput by an order of magnitude, perhaps.
- use a block cipher or digest to mask any bias that may be present in an un-whitened, wide open source.

the latter seems to be gaining popularity, and of course it doesn't hurt to do both.

this is indeed not a huge leap over VIA padlock's dual on core sources (XSTORE) which also have AES on core for the masking above - these can hit 100Mbps with whitening disabled and both sources enabled.

if you're initializing FDE drives with good entropy this 1.7Gbps might be useful. otherwise i have a hard time consuming even a fraction of the available entropy on a VIA system in normal use.

best regards,
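
Added example, not part of the original message: a Python sketch of why the health check has to run on the raw source before any masking, comparing a von Neumann whitener with a digest mask on the same biased input. Assumptions: the raw source is simulated with Python's PRNG at P(1) = 0.7 (constructed data), SHA-256 stands in for "a digest", and the check is the FIPS 140-2 monobit test (20,000 bits, ones count strictly between 9725 and 10275).

```python
import hashlib
import random

def biased_bits(n, p_one, seed=1):
    """Constructed stand-in for a raw hardware source: n bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def monobit_ok(bits):
    """FIPS 140-2 monobit test on the first 20,000 bits: 9725 < ones < 10275."""
    sample = bits[:20000]
    if len(sample) < 20000:
        raise ValueError("need at least 20,000 bits")
    return 9725 < sum(sample) < 10275

def von_neumann(bits):
    """Non-overlapping pairs: 01 -> 0, 10 -> 1; 00 and 11 are discarded."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def sha256_mask(bits, block=512):
    """Mask with a digest: each 512-bit raw block becomes 256 output bits."""
    out = []
    for i in range(0, len(bits) - block + 1, block):
        chunk = bits[i:i + block]
        raw = bytes(int("".join(map(str, chunk[j:j + 8])), 2)
                    for j in range(0, block, 8))
        digest = hashlib.sha256(raw).digest()
        out.extend((byte >> s) & 1 for byte in digest for s in range(7, -1, -1))
    return out

def compare(p_one=0.7, n=200_000):
    raw = biased_bits(n, p_one)
    vn = von_neumann(raw)
    return {
        "raw_passes": monobit_ok(raw),                  # check on the source itself
        "masked_passes": monobit_ok(sha256_mask(raw)),  # bias hidden by the digest
        "von_neumann_passes": monobit_ok(vn),           # bias removed, bits discarded
        "von_neumann_yield": len(vn) / len(raw),        # output bits per raw bit
    }

if __name__ == "__main__":
    print(compare())
```

The masked stream passes the same test the raw stream fails, so a monitor placed after the digest cannot see the source degrade; the von Neumann output passes because the bias is removed, at the cost of the discarded pairs.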