Re: Good enough for crypto?

Scott Wilber wrote:
>The references from which you snipped this one were written by others,
>not by ComScire or myself.  I believe that Robert Davies was
>evaluating random number generators for use in a New Zealand lottery,
>an application where more than statistics alone are considered
>crucial.  After all, a good pseudorandom generator would serve
>perfectly will from a statistical point of view, but you won't find
>any lotteries that would accept one for drawing their numbers.
>
>In any case, the references were given merely as an example that
>ComScire has been around a long time and that our generators are well
>known and well respected.

Right.  I understand that.  My point was merely that none of the
references you quoted analyzed the system in enough technical depth
to satisfactorily assess its suitability for cryptographic purposes.
If you know of any other, more detailed evaluations, there would probably
a number of interested readers.

This in no way is meant to imply that the ComScire generator is not secure
enough for cryptography, or that no such analysis has ever been performed.
The ComScire device may well be more than adequate.  My point is only
that I have yet to see a fully satisfying technical assessment of the
randomness of the ComScire device and its suitability for cryptography.
The same can be said of many other hardware random number devices;
I don't mean to single out ComScire in this respect.

On the other hand, the Intel RNG and the VIA Nehemiah RNG are nice
examples of RNG's where I have seen fairly substantial analysis of their
suitability for generating crypto-quality randomness.  (Too bad that the
Intel has stopped shipping their RNG, and that the VIA RNG is not widely
deployed on the desktop.)  If other hardware RNG vendors were inspired
to conduct similarly informative independent evaluations of their own
RNG's, that wouldn't be a bad thing...