I consulted a non-list-reading colleague who knows rather a lot about randomness. He writes:
> here's my reply; i dunno whether it counts > as an example of evil per se: > > the bigger problem with manufactured > entropy sources is that rigorous unit testing > at the factory usually is just impossible. > it just takes too long to gather a few hours > of bits from every unit, then do the exhaustive > statistical testing, again for every unit. > > indeed, it seems likely to me that when > a CPU vendor sells CPU chips with integrated > TRNG circuits, some of the chips will surely > come off the fabrication line with defective > TRNGs, just as some CPU chips get made with > defective ALUs, memory, etc. the bad logic > circuits get caught by exhaustive pre-ship > testing, and those chips don't get sold. but > given that rigorous testing of the TRNG circuit > is so expensive, it's my guess that the CPU > vendor surely must just unwittingly ship the > CPUs that happen to have obscurely bad TRNGs. --dan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users