I have just read the Intel "technical brief" covering the Intel hardware RNG device (ftp://download.intel.com/design/security/rng/techbrief.pdf) interesting read; although it and the accompanying documents (http://developer.intel.com/design/security/rng/rngppr.htm) still do not cover in detail and of the afore mentioned items. Ryan -----Original Message----- From: Ryan Hurst [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 08, 2001 7:42 PM To: 'Rich Salz' Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users ([EMAIL PROTECTED]) Subject: RE: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets. Granted; guess I should not have given such high praise to the quality/uniqueness of that this device produces since they do not provide information on its design nor state that it has been evaluated by any qualified independent reviewers. My assumption was and I guess still (to some degree) that the quality of input material available in a hardware based implementation is far superior to what is available to a software implementation (like egd.pl, etc.) At a minimum this driver/hardware essentially gives windows users a /dev/urandom which they have been missing. In either case I would still say its best to maintain the current implementations use of this device to allow for code conformity. I would like to see the FAQ updated to refer to this drivers/hardware existence. Ryan -----Original Message----- From: Rich Salz [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 08, 2001 7:36 PM To: Ryan Hurst Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users ([EMAIL PROTECTED]) Subject: Re: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets. > I am not sure I understand what you are saying You called the intel h/w rng "excellent." I believe consensus is "we don't know." The code you showed does exactly the right thing: don't rely on the h/w RNG directly, but use it as an entropy source. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
