Reply to post: Re: Why would you avoid using the HWRNG?

Boffin: Dump hardware number generators for encryption and instead look within

Nick Kew Silver badge

Re: Why would you avoid using the HWRNG?

I read it not as "avoid using the HW", but rather "avoid relying on the HW". Subtle difference.

Of course for the purposes of a test run for an academic paper or even a back-of-envelope calculation ("Just tested it" comment above), results that avoid it altogether play an obvious role. For real life, you take all sources you can get!

The main issue with any proposed approach is the difficulty measuring entropy from a RNG. No matter how good your test and attack tools are, they could be missing a weakness someone else has cracked. Debian-vs-OpenSSL history kind-of demonstrates there's a genuinely hard problem.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019