1.7 GBit/s RNG by laser feedback

[coderman]

On Tue, Nov 25, 2008 at 9:12 AM, Eugen Leitl <eugen at leitl.org> wrote:
> ... Of course you can
> whiten a RNG with, say a block cipher like AES.

it is useful to whiten and/or mask any potential bias of the entropy
source with a run through a cipher or digest.  it's important to note
that you should be verifying entropy before this step (FIPS sanity
checks) otherwise your RNG could be highly biased and you'd not notice
from the whitened, masked output.


>> is raised, if it was truly an RNG then it wouldn't be necessary
>> to mix the outputs from two laser assemblies.
>
> No idea about that. Analog whitening, possibly?

there are two schools of hardware entropy harvesting thought:

- use a von Neumann whitener to distill the raw entropy into a high
quality, low (single bit) bias source. this will also cut throughput
by an order of magnitude, perhaps.

- use a block cipher or digest to mask any bias that may be present in
an un-whitened, wide open source.

the latter seems to be gaining popularity, and of course it doesn't
hurt to do both.

this is indeed not a huge leap over VIA padlock's dual on core sources
(XSTORE) which also have AES on core for the masking above - these can
hit 100Mbps with whitening disabled and both sources enabled.  if
you're initializing FDE drives with good entropy this 1.7Gbps might be
useful.  otherwise i have a hard time consuming even a fraction of the
available entropy on a VIA system in normal use.

best regards,