Il 25/06/2013 09:55, Werner Koch ha scritto: >> First: I trust more the RNG on a card than a SW one > A card based RNG is often nothing more than a PRNG with a card specific > seed. Modern cards seem to have a real hardware RNG. I'm referring to cards compatible with GlobalPlatform 2.1.1 (minimum), that is the baseline for MyPGPid applet. That should be "recent enough" to have a real RNG (if RandomData.ALG_SECURE_RANDOM is implemented).
> Compared to > actual hardware RNGs they are very limited and probaly prone to errors. Shouldn't RNG be subject to the various certifications the card have to pass for CC and EAL ? > there is also no way to do extensive power up tests which all other > hardware RNGs require. Dedicated applet that only returns random data? > I consider a good OS supported RNG more reliable. Might be, but it's prone to a lot of possible attacks, too :) BYtE, Diego. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
