In <[EMAIL PROTECTED]>, on 09/16/99
at 03:28 AM, John Gilmore <[EMAIL PROTECTED]> said:
>With the random number generator and now the IPSEC accelerator, Intel is
>really bidding to be the preferred hardware supplier for people who care
>about security. Now if they'd only let us dump the braindead insecure
>Microsoft OS's, by publishing programming specs so we can access their
>security hardware from Linux and Unix, real servers running real loads
>could use their stuff.
Hi John,
I don't know if you still follow the CP list but we have been having a
long debate on the trustworthiness of Intel hardware, especially their
RNG.
IMHO hardware based crypto is dangerous especially from a company like
Intel that will not allow it's designs to be peer reviewed. Their entire
attitude is "trust us we are Intel". Well sorry I don't. Intel's RNG and
now it's IPSEC accelerator are to ripe of a target for TLA's to trust
without complete, open, peer review. Until this happens, IMHO, it is as
trustworthy as CAPI.
[MODERATOR's NOTE: I'm sorry, but I find this totally wrongheaded. A
3DES ethernet card need not be "trusted" -- if the thing interoperates
with other IPSec implementations, its correct, pure and
simple. Indeed, the slightest flaw and it would not
interoperate. Perhaps they could rig it to leak too much in the RF
spectrum, but they could do that with the rest of the chipset, too,
and you are using *that*.
As for their RNG hardware, Paul Kocher was invited to look inside the
Kimono and has published a full report on it, and he didn't find
anything odd... --Perry]
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
---------------------------------------------------------------
