
Re: Project: a standard cell random number generator



>At 02:50 PM 9/20/95 -0700, you wrote:
 
>> In this sense, NSA ought to be *encouraging* Intel and
>>IBM and Motorola to put "generate random bits" instructions into
>>their instruction sets...
 
Intel produces a random generator (in a chip package) that is used
in STU-II's.  You can't buy such devices; random sources good enough
to be used for initialization for military grade cryptography are Controlled
Cryptographic Items.
 
One would think that the NSA is attempting to exploit the lack of availability
of random initialization values against their targets.  The question becomes
one of whether or not the general populace (of the U.S.) is considered a
potential target, or simply casualties of the situation in undeclared
hostilities.
 
As a minimum one could infer that the availability of random numbers is
considered quite important for NSA secure communications.  I used to work
at a company that subscribed to NSA (National Standards Association) which
provided government and other standards on microfiche and/or hardcopy.
 
There was an interval before Reagan took office when the NSA provided all
of their unclassified standards into general availability, an era of
openness that came to an end with the Star Wars era.  One of those standards
was for random data sources.  The only recent standards that come to mind
are the X.509 stuff for session key generation, FIPS PUB 140-1 which
describes randomizer tests, and the recent FIPS PUB for a password generator.
These three use block ciphers to produce pseudo-random output.
 
If NSA requires real stochastic results for military crypto, what would
we as casual cryptographers feel comfortable with?  The Netscape episode
shows the comfort level needs improving.

How good is good enough?