FreeBSD won't use Intel & Via's hardware random number generators, believes NSA has compromised them
We used to call this behavior paranoid. Now it's called prudent.


But most random number generators are only pseudo-random anyway. Even if they're not deliberately compromised, they still can't be trusted. I see a market for a radium sample in a tiny USB device.


I understand some Mexican folks had some radioactive stuff to se...oh, wait, that's funny they were online just the other day...


Also, it isn't clear to me whether the thermal noise Intel (I think) uses is random in a quantum mechanical sense (even in the absence of NSA tampering). If not, are its biases of the sort where Von Neumann's method of extracting the randomness that is there would be effective?


Also obligatory,


I thought /dev/random and similar generators produced truly random results in most cases by drawing on electrical noise from device drivers. (Albeit it's very slow if large amounts of entropy are required.)


I recall meeting with this fellow once -- radioactive random pulse generator chips are his "thing":
FPO: Tsuyuzaki, Noriyoshi


In my previous career as an MMO developer, the kinds of complaints I heard about RNGs were:

-- we need a deterministically reproducible series of pseudo-random numbers.
-- the Mersenne Twister algorithm you used to give us a deterministically reproducible series of pseudo-random numbers is too slow.
-- claims based on anecdote, a poor understanding of statistics, and lack of realization that the RNG is doing far more than just your loot rolls.

I wish I could throw this into that third category. Unfortunately these days you can attribute things to malice that should have been mere stupidity.

"Security" is really kind of the opposite of what the NSA does.


Only if the hardware is in place, which is why I suggested a radium key-fob. Most computers, regardless of size, just use pseudo-random numbers, which are fine for most applications. Also, I think this article was discussing pseudo-random generators.


How about a smoke detector and a photo transistor?


If it comes out of a machine it's not random.
(I think Weizenbaum said something like that but I'm too lazy just now to verify it.)

Anyway, how about atmospheric static? That should be random and I'd rather have a USB fob with a radio receiver in it than radium or pitchblende.

BTW: if the RNG is based on radioactive decay, could basalt or granite be used? Or would you need tons of the stuff to have a powerful enough source?
(I know there are regulars on bbs who can do the math on that, mine's pretty rusty and always was a little superficial to begin with.)


Hell if I know, but pitchblende is such a cool word I vote for it.


If it comes out of a noise diode, it may be filtered noise rather than white noise, but it should be pretty random once you allow for that. Atmospheric static or radioactive decay or whatever would also work, but are a lot more complicated and no less vulnerable to tampering if you're presuming you can't trust the manufacturer -- arguably more so since these are at least as subject to influence from outside the box.

As always, there are more bad ways to implement security than good ones.

As always, perfect security is largely a myth, and cost goes up exponentially as you get closer to it.

As always, the real key is understanding when good enough for your purposes really is good enough... and when you should just go completely outside the box and have someone flip a coin 64 times or grab the nearest UPC or otherwise take a number from some source that they trust is Completely Irrelevant.



It is interesting that there was no mention of AMD's CPUs.


There's the rub.
Are there any reasonable feasible methods on a DIY level?


I dimly remember them producing errors, wasn't there something like this some years ago?
However, if the error was reproducible, it wouldn't be random.