
Re: market for hardware RNG?



> But on thinking about this a little more, I began to wonder if anybody 
> really wants this.  Pessimistically, it occurs to me that:
> 
> 1.  Many if not most people don't even understand why a hardware RNG is 
> desirable.

While your potential market is small, it is dedicated.  Developers of 
crypto products are always looking for good random sources.  People 
that really NEED more reliable sources of random bits are willing to 
pay for them.  I don't think your market will be end users.  But a 
little market research should turn up a healthy margin for you.

> 2.  Users of programs like PGP today already get at least a fairly decent 
> RNG already.  Would they want better?  (I'm not suggesting a total 
> replacement; I assume that the output of any hardware RNG would be hashed 
> with more "traditional" PC sources, like disk timings, keyboard timings, 
> etc, which should deter attempts to attack just the hardware part.)

Why would you hash good RNG output?  I understand your desire to 
deter hardware only attacks.  I just think it might be an 
overreaction.  Of course mine could be an under-reaction 8-)

> 
> 3.    Even hardware RNG's aren't "perfect":  they could be subverted, 
> replaced, or perhaps influenced.  Would someone who was sufficiently 
> sophisticated as to recognize the need for it actually accept a real, 
> functioning device?

It would have to go through rigorous testing in the crypto community. 
RNGs vs. PRNGs goes through a yearly debate here on cpunks.  There 
have been some good discussions on the use of white noise and other 
potential hardware sources.  I'm not sure if hks is back up or not, 
but you might look there.

If an independent entity could certify the product with a good 
reputation for dedication to the community, you would get much 
mileage.  PGP, Inc. might be interested for instance.  I mean I have 
used PGP for years but have not had the time to go through the code, 
etc.  I trust it because Phil's reputation precedes him.

> On the other hand... if this kind of pessimism had infected Phil Zimmermann 
> before he wrote PGP 1.0, he might have deleted the first 50 lines of code, 
> erased the file, and said, "fuck it!"

Go for it Jim.  I would be happy to support you in any way I could.  
Let me know.  It sounds like a good idea.

> 
> Jim Bell
> [email protected]

Matt
 
_________________________________________________________________________
Matthew J. Miszewski                 |               <[email protected]>
Practice Crypto Civil Disobedience   |  Export your favorite Cryptosystem
-------------------------------------------------------------------------
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`