[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Fotis Loukos fotisl at it.auth.gr
Tue May 3 23:53:13 MST 2016



On 05/03/2016 08:26 PM, Jacob Hoffman-Andrews wrote:
>> Wouldn't this prohibit the usage of a true RNG, such as a Geiger-Muller tube detecting radioactive decay, measurement of cosmic background radiation or any quantum phenomena? I know that these RNGs aren't that popular, but why limit them?
> 
> My understanding is that some HSMs use true RNGs as seeds for a CSPRNG, as Andrew said. I think it's clear that those are intended for use in a cryptographic system.

There are hardware devices that use cryptographic hash functions in order to unbias the biased input from the RNG. However, a cryptographic hash function is not a CSPRNG.

I agree that the most common approach is to use the output from the true random source to seed a CSPRNG (as done, for example, by the Linux kernel for the /dev/urandom device); however, in the future, true RNGs that are able to provide random bytes at high speed may be much more common.

Fotis
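As an added illustration of the pipeline this message describes (a biased physical source whose output is conditioned with a hash function and then used to seed a CSPRNG, which in turn produces certificate serial numbers), the following Python is not code from the thread or from any CA or HSM vendor. The "hardware" source is simulated with a seeded random.Random, the generator is a toy HMAC-SHA256 counter construction for teaching rather than a NIST SP 800-90A DRBG, and the serial-number constraints follow RFC 5280 (positive integer, at most 20 octets). The oversampling factor and the 16-byte serial width are choices made for the example.

```python
"""Toy pipeline: biased physical source -> hash conditioner -> CSPRNG -> X.509 serial.

Added illustration, not from the cabfpub thread. The physical source is a
simulation; the generator is a minimal HMAC-SHA256 counter construction for
teaching only, not a standards-compliant DRBG.
"""
import hashlib
import hmac
import random
import secrets

SEED_BYTES = 32          # conditioner output size (one SHA-256 digest)
SERIAL_BYTES = 16        # 128 bits of generator output per serial (assumption;
                         # well above the 64-bit minimum discussed for the ballot)
MAX_SERIAL_OCTETS = 20   # RFC 5280 4.1.2.2: serialNumber encodes to <= 20 octets


def simulated_biased_source(nbytes, p_one=0.75, seed=1234):
    """Constructed stand-in for a noisy hardware source whose bits are 1 with
    probability p_one. A real device reads from hardware; this is deterministic
    so the example is reproducible."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        out.append(byte)
    return bytes(out)


def ones_fraction(data):
    """Fraction of 1-bits in data; about 0.5 for unbiased output."""
    return sum(bin(b).count("1") for b in data) / (len(data) * 8)


def condition(raw, oversample=4):
    """Hash-based conditioner: compress many low-entropy bytes into one digest.
    At p_one=0.75 each raw bit carries about 0.415 bits of min-entropy
    (-log2 0.75), so 4 * 32 * 8 = 1024 raw bits carry roughly 425 bits, more
    than the 256-bit digest can hold. The hash removes the bias; it is not a
    generator by itself, which is the point made in the message above."""
    needed = SEED_BYTES * oversample
    if len(raw) < needed:
        raise ValueError(f"need at least {needed} raw bytes, got {len(raw)}")
    return hashlib.sha256(raw[:needed]).digest()


class ToyHmacDrbg:
    """Deterministic generator: block_i = HMAC-SHA256(seed, i). Illustrative only."""

    def __init__(self, seed):
        self.key = seed
        self.counter = 0

    def generate(self, nbytes):
        out = bytearray()
        while len(out) < nbytes:
            out += hmac.new(self.key, self.counter.to_bytes(8, "big"),
                            hashlib.sha256).digest()
            self.counter += 1
        return bytes(out[:nbytes])


def serial_from_random(rand_bytes):
    """Map generator output to an RFC 5280 serialNumber candidate: clear the top
    bit so the DER INTEGER stays positive without a sign byte, and return None
    for the (negligible-probability) zero value so the caller redraws."""
    if len(rand_bytes) > MAX_SERIAL_OCTETS:
        raise ValueError("serial would exceed 20 octets")
    data = bytearray(rand_bytes)
    data[0] &= 0x7F
    n = int.from_bytes(data, "big")
    return n if n > 0 else None


def next_serial(drbg):
    """Draw serials until one is strictly positive."""
    while True:
        serial = serial_from_random(drbg.generate(SERIAL_BYTES))
        if serial is not None:
            return serial


def demo():
    """Run the full toy pipeline; returns (raw bits, generator output, serial)."""
    raw = simulated_biased_source(1024)
    drbg = ToyHmacDrbg(condition(raw))
    stream = drbg.generate(4096)          # sample to measure bias after conditioning
    serial = next_serial(ToyHmacDrbg(condition(raw)))
    return raw, stream, serial


def os_serial():
    """Production path: the OS CSPRNG, which the kernel seeds from hardware
    entropy (the /dev/urandom arrangement the message describes)."""
    return serial_from_random(secrets.token_bytes(SERIAL_BYTES)) or 1


if __name__ == "__main__":
    raw, stream, serial = demo()
    print(f"raw source ones fraction:  {ones_fraction(raw):.3f}")
    print(f"generator ones fraction:   {ones_fraction(stream):.3f}")
    print(f"serial (hex):              {serial:032x}")
```

Running the block prints a raw 1-bit fraction near 0.75 and a post-conditioning fraction near 0.50, then a 128-bit serial. The balanced bit count after hashing is a sanity check, not an entropy proof: the conditioner only delivers what the physical source put in, which is why real designs oversample the source and estimate its min-entropy before trusting the seed.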

