No Such lAbs (MPEx:S.NSA) announced its first hardware product today, the eunymous FUCKGOATS.
FUCKGOATS is an auditable true random number generator with highly concentrated[1], significant entropy debit[2] and a particularly resilient design. The price point is a shade under 3 Bitcents (shipping included). The unit can be plugged directly into any USB connector. Various tools & utilities are bundled with each purchase.
Peace in our uTime!
Mazel tov! It's like a baby boy. Just, y'know, one that fucks goats.
Also uncircumcised.
All the best ones are.
Oh cryptological love-mutton, my erotic bovid of lust…
From the utter lack of any detail whatsoever about the "TW"'s source of randomness I conclude that this is just Dual_EC_DRBG in shiny wrapping paper. Admit it. Confess!
Quality RNGs are an admirable goal for many reasons, but worries about backdoored RNGs are not one of them. If your concern is backdoored RNGs and you have spare FPGA fabric at the ready then the solution is easy: pick your own truly random salt (just once — roll some dice), use it as the key to encrypt an all-zeroes stream in CBC-mode with your favorite stream cipher, xor the output with the possibly-backdoored RNG output, and finally run that through your favorite hash function. Having done this, to be sure you've thwarted the backdoor-happy adversary all you need to trust is the noninvertibility of the chosen hash function, which, being an algorithm, is a hell of a lot easier to audit than the physics of a hardware RNG. No microscopes needed, I promise.
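The mixing construction the comment above describes, written out as an added example that is not part of the original thread or of the product: a fixed secret seed drives a keystream, the keystream is XORed with bytes read from the untrusted hardware RNG, and the result is hashed. The HMAC-SHA256 counter-mode keystream (standing in for "your favorite stream cipher"), the seed value and the hardware-RNG sample bytes are this example's own assumptions and constructed values.

```python
import hashlib
import hmac

# Constructed values (not from the page): a seed that would in practice come from
# a one-time dice roll, and 256 bytes standing in for a read from the device.
DICE_SEED = b"constructed-seed-from-dice-rolls"
HWRNG_SAMPLE = bytes(range(256))


def keystream(seed: bytes, length: int) -> bytes:
    """Deterministic keystream derived from the seed: HMAC-SHA256 in counter mode.

    This is the example's stand-in for 'encrypt an all-zeroes stream with a
    stream cipher'; any keyed PRF keyed by the seed serves the same purpose.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def mix(seed: bytes, hw_bytes: bytes) -> bytes:
    """XOR the untrusted RNG bytes with the keyed stream, then hash the result.

    An adversary who knows every hardware bit (a fully backdoored source) still
    sees only SHA-256(hw XOR keystream) and needs the seed to predict it; a
    source that is honestly random contributes its entropy through the XOR.
    Output is one 32-byte digest per call, so callers needing more must feed
    fresh hardware bytes each time rather than re-hashing the same block.
    """
    ks = keystream(seed, len(hw_bytes))
    xored = bytes(a ^ b for a, b in zip(hw_bytes, ks))
    return hashlib.sha256(xored).digest()


def tampered_output_changes_result(seed: bytes, hw_bytes: bytes) -> bool:
    """Sanity check: flipping a single hardware bit changes the mixed output."""
    flipped = bytearray(hw_bytes)
    flipped[0] ^= 0x01
    return mix(seed, hw_bytes) != mix(seed, bytes(flipped))


if __name__ == "__main__":
    print(mix(DICE_SEED, HWRNG_SAMPLE).hex())
```

The check in `tampered_output_changes_result` is the property a user of this construction actually relies on: the device output cannot be silently replaced without the downstream value changing, and the seed never leaves the machine that rolled it. Note the limit the construction has: with a fixed seed, all long-run entropy beyond the seed's own still has to come from the hardware bytes, so the mixing hides a backdoored source's output from the adversary but does not manufacture entropy the source never had.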
… oh baby, it makes me so hot when you bleat like that….
Plox to provide a rigorous proof of noninvertibility.
What part of "consecutive bits of any hash function's output are correlated" is difficult to understand ?
And what part of "schematic ships with the device" is difficult to understand ?
I guess people really do still think you can still audit ICs cause some hacker said they "reverse engineered"…
The only non-destructive IC audit physically possible is "I put 100 TByte of test pattern, known only to me, through this thing, and got the expected, known only-to-me 1TByte output, and there is physically no room for a crib sheet in there."
@WOT:wut The "randomness by process" you propose is the exact opposite of sense. What will you do next time you need an entropic stream, come up with a … different half baked, haphazard process to turn a stream of zeroes into "entropy" ? And the next time ? And the next ? Soon enough you'll run out of methods, because there really aren't that many.
This is engineering on the level of "whenever I want transportation I just order a bunch of slaves to form a human chaingang". Really, you do ?
Most sincere congratulations and Godspeed.
Of course it's geese, not goats.
IN CASE OF FIRE
STEAL KILL
FUCK GEESE
WAIT FOR RESPONSE BEEP
Nice to hear, will need one soon