Intel to also add RNG
Eric Murray
ericm at lne.com
Mon Jul 12 10:36:38 PDT 2010
On Mon, Jul 12, 2010 at 12:22:51PM -0400, Perry E. Metzger wrote:
> Plugging in an
> external unit is not going to happen in practice. If it isn't nearly
> free and built in, it won't be used.
I completely agree. But HW RNGs are a pain in a lot of ways- modern chip
design libraries don't include RNG modules. You have to make your own.
Verification software won't verify it and considers it an error.
When it runs it sucks a lot of power and generates a lot of heat.
Not a problem for Intel, but if you're using a contract fab (TSMC)
they probably won't guarantee that part of your chip will even work
because according to chip design rules, it's wrong.
Then there's FIPS- current 140 doesn't have a provision for HW RNG.
They certify software RNG only, presumeably because proving a HW RNG to be
random enough is very difficult. So what's probably the primary market
(companies who want to meet FIPS) isn't available.
So while I think it'd be great to have a decent RNG on chip
(no more blocking on /dev/random!) I don't see it being much of
a market advantage and would not be surprised if it never makes it in
to a shipping product.
Mixing the output with something else would address any lack of randomness
either deliberate or accidental... but still wouldn't meet FIPS.
BTW Intel isn't close to the first to put an RNG on a CPU chip. I worked for
a company in the late 1990s that did it and I'm sure we wern't the first.
Eric
More information about the cypherpunks-legacy
mailing list