[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Fotis Loukos fotisl at it.auth.gr
Wed May 4 06:53:13 UTC 2016

On 05/03/2016 08:26 PM, Jacob Hoffman-Andrews wrote:
>> Wouldn't this prohibit the usage of a true RNG, such as a Geiger-Muller tube detecting radioactive decay, measurement of cosmic background radiation or any quantum phenomena? I know that these RNGs aren't that popular, but why limit them?
> My understanding is that some HSMs use true RNGs as seeds for a CSPRNG, as Andrew said. I think it's clear that those are intended for use in a cryptographic system.

There are hardware devices that use cryptographic hash functions in order to unbias the biased input from the RNG. However, a cryptographic hash function is not a CSPRNG.

I agree that the most common approach is to use the output from the true random source to seed a CSPRNG (as done, for example, by the Linux kernel for the /dev/urandom device). However, in the future, true RNGs that are able to provide random bytes at high speed may be much more common.
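The two designs discussed above, side by side, as an added example that is not part of this thread or of any CA/B Forum text: a hash function used only to condition (unbias) raw bits from a physical source, versus feeding such a seed into a CSPRNG (a minimal SHA-256 HMAC-DRBG in the style of SP 800-90A) and drawing serial numbers from it. The biased source is a constructed simulation, and the function names and the 64-bit serial width are assumptions of this example.

```python
import hashlib
import hmac
import random


def biased_source(nbits: int, p_one: float = 0.8, seed: int = 1) -> bytes:
    """Constructed stand-in for a raw physical source whose bits lean
    towards 1 (a real Geiger-Muller or quantum source is not this simple)."""
    rng = random.Random(seed)  # simulation only, NOT a cryptographic RNG
    bits = [1 if rng.random() < p_one else 0 for _ in range(nbits)]
    return int("".join(map(str, bits)), 2).to_bytes(nbits // 8, "big")


def hash_condition(raw: bytes) -> bytes:
    """Hash-based unbiasing: one 32-byte block per call and no internal
    state, so every output needs fresh raw input; the hash is not a CSPRNG."""
    return hashlib.sha256(raw).digest()


class HmacDrbg:
    """Minimal SHA-256 HMAC-DRBG, seeded once from the true random source."""
    def __init__(self, seed: bytes) -> None:
        self.k = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes) -> None:
        self.k = hmac.new(self.k, self.v + b"\x00" + data, "sha256").digest()
        self.v = hmac.new(self.k, self.v, "sha256").digest()
        if data:
            self.k = hmac.new(self.k, self.v + b"\x01" + data, "sha256").digest()
            self.v = hmac.new(self.k, self.v, "sha256").digest()

    def generate(self, n: int) -> bytes:
        """Ratchets V forward for each block, then re-keys (backtracking
        resistance); many outputs come from one physical seed."""
        out = b""
        while len(out) < n:
            self.v = hmac.new(self.k, self.v, "sha256").digest()
            out += self.v
        self._update(b"")
        return out[:n]


def serial_from(drbg: HmacDrbg) -> int:
    """Serial carrying 64 bits of DRBG output (assumed width); the value is
    non-negative by construction, and zero is rejected as a DER INTEGER."""
    while True:
        val = int.from_bytes(drbg.generate(8), "big")
        if val:
            return val
```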