Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site utcsri.UUCP
Path: utzoo!utcsri!outer
From: outer@utcsri.UUCP (Richard Outerbridge)
Newsgroups: net.crypt
Subject: Why no hardware random numbers?
Message-ID: <868@utcsri.UUCP>
Date: Mon, 11-Mar-85 23:35:39 EST
Article-I.D.: utcsri.868
Posted: Mon Mar 11 23:35:39 1985
Date-Received: Tue, 12-Mar-85 00:00:53 EST
Distribution: net
Organization: CSRI, University of Toronto
Lines: 22

Looking over the various schemes proposed for key generation and management
it seems that one of the basic, really fundamental, requirements is a source
of truly random numbers.  All the master keys these schemes use are assumed
to be truly random (generated off-line using dice or lima beans, whatever) and
much of the subsequent effort is devoted to constructing pseudo-random shadows
of these original truly-random seeds.

I also seem to recall that one of the specifications that Alan Turing made for 
the ACE computer way back when is that it include a hardware device capable of
generating truly random numbers.  Such a facility would doubtless be useful in
other areas besides cryptography.  Davies & Price advise that hardware random
number generation is indeed practicable, albeit fraught with as many statistical
pratfalls as ordinary pseudo-random number generation.  It can't be that hard
though.  

So, why do so few supposedly modern computers include a hardware random number
generator?  I mean really, every decent library includes at least one
flawed-in-one-way-or-another pseudo-random generator so it's not as though it's
an esoteric application.  Why no hardware random numbers?
-- 
Richard Outerbridge		 (416) 961-4757
Payload Deliveries:	N 41 39'36", W 79 23'42", Elev. 106.47m.