At 04:28 PM 9/9/2013, Juan Garofalo wrote:
Creating hardware RNGs for individual PCs or phones or similar devices isn't really hard. We don't need to rely on a multibillion American corporation like Intel to produce some state-of-the-art circuitry. There are applications that need a fast stream of random numbers, but those applications are not the applications end users run on their devices for security purposes - Did I get the general idea right?
Except for security purposes, most people who need a lot of random numbers are doing things like simulation or generating events in games, so they need a source with very good statistics about independence and uncorrelatedness, but don't mind if it's predictable (and in fact being predictable can be useful, since you can run the same random data stream against different versions of your application and see if it performed better or worse). For those people, a statistically good pseudorandom number generator is usually just fine, and if it's cryptographically secure that's nice but only because crypto stuff needs to be statistically good. Fast on-chip hardware random number generation is useful to non-security people because it's also likely to be statistically good.

Security's different, of course. In a typical client-server or peer-to-peer environment, a client or peer isn't going to be generating a lot of random session keys per second, much less a lot of high-strength long-term-use public keys, so the only reason performance matters is that you don't want the user to use a too-short key because generating a long enough key would have taken 15 minutes or required them to wave a mouse around for a long time. A web server or mail server or sometimes a peer with a lot of traffic (e.g. a Tor node) is a different case; they might handle enough traffic that fast strong hardware random number generation is necessary, and they're also the more interesting targets for Bad Guys to attack.

The other set of security people who want a large quantity of really good random numbers are people who use one-time pads. Most of them are either hobbyists (who can wait), or actually military/spies/anti-government activists (who are going to ship keys around by courier, which is slow, so they should be willing to generate them in advance), or paranoids (who don't trust public-key crypto, or who don't trust their hardware not to have backdoors, so they've got lots of challenges.)
Using OTPs in a professional environment is operationally expensive; you should be willing to spend money on hardware if you're doing it.
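The split the reply draws between a predictable, statistically good PRNG (fine for simulation, and useful precisely because it replays the same stream against two versions of a program) and unpredictable key material is illustrated below. This is an added example, not code from the thread; the queue simulation, its two "versions" and the seed values are constructed for illustration.

```python
import random
import secrets
from typing import Dict, List


def event_stream(seed: int, n: int) -> List[float]:
    """Inter-arrival times from a seeded PRNG (Python's Mersenne Twister).

    Statistically good and fully reproducible: the same seed replays the
    same stream, which is what simulation and game code wants.
    """
    rng = random.Random(seed)
    return [rng.expovariate(1.0) for _ in range(n)]


def mean_wait(inter_arrivals: List[float], service_time: float) -> float:
    """Single-server FIFO queue with a fixed service time; returns mean wait."""
    clock = 0.0       # arrival time of the current customer
    free_at = 0.0     # time at which the server becomes free
    total_wait = 0.0
    for gap in inter_arrivals:
        clock += gap
        start = max(clock, free_at)
        total_wait += start - clock
        free_at = start + service_time
    return total_wait / len(inter_arrivals)


def compare_versions(seed: int, n: int = 1000) -> Dict[str, float]:
    """Run two constructed 'versions' of the server on the identical stream.

    Because the stream is predictable, any difference in the result comes
    from the code change, not from different random input.
    """
    stream = event_stream(seed, n)
    return {"v1": mean_wait(stream, 0.8), "v2": mean_wait(stream, 0.5)}


def session_key() -> bytes:
    """Key material comes from the OS CSPRNG, never from the seeded PRNG."""
    return secrets.token_bytes(32)
```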