> [MODERATOR's NOTE: I'm sorry, but I find this totally wrongheaded. A
> 3DES ethernet card need not be "trusted" -- if the thing interoperates
> with other IPSec implementations, it's correct, pure and
> simple. Indeed, the slightest flaw and it would not
> interoperate. Perhaps they could rig it to leak too much in the RF
> spectrum, but they could do that with the rest of the chipset, too,
> and you are using *that*.

Which part of the IPSec standard would prevent the card from selecting
key material from a restricted (and known) set of the keyspace, or from
leaking information through a covert channel (which might include parts
of other network packets, or timing of packets)? 

> As for their RNG hardware, Paul Kocher was invited to look inside the
> Kimono and has published a full report on it, and he didn't find
> anything odd... --Perry]

If you're referring to the report at
<http://www.cryptography.net/intelRNG.pdf>, it seems that Paul got a
look at some data which supposedly came from inside the kimono - as the
report states, "For this review, Cryptography Research performed a
series of tests and evaluated the results of experiments performed by
Intel. Raw data and design specifications for the analysis were provided
by Intel." (section 4, page 3).

So, assuming we trust Intel, we've got a report which assures us we can
trust Intel. That helps protect against inadvertent design or
implementation flaws, but doesn't address intentional misbehavior.

--
Greg Broiles
[EMAIL PROTECTED]
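
The restricted-keyspace point in the reply above, as an added example that is not part of the original message: a peer's acceptance of traffic says nothing about how the key was chosen. The key generators, the device constant and the HMAC tag standing in for IPSec processing are all assumptions made for illustration, and both sides are simply handed the same key in place of a negotiated one.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 24  # bytes in a 3DES key bundle
TAG_LEN = 12  # HMAC-SHA1-96 style truncated tag

def full_key():
    """Key drawn from the whole keyspace."""
    return secrets.token_bytes(KEY_LEN)

def restricted_key(seed_bits=10):
    """Hypothetical device: well-formed key, but only 2**seed_bits possible values."""
    seed = secrets.randbelow(1 << seed_bits)
    material = b"constructed-device-constant" + seed.to_bytes(4, "big")
    return hashlib.sha256(material).digest()[:KEY_LEN]

def protect(key, payload):
    """Sender side: append an integrity tag (stand-in for ESP processing)."""
    return payload + hmac.new(key, payload, hashlib.sha1).digest()[:TAG_LEN]

def peer_accepts(key, packet):
    """Receiver side: an independent implementation verifies the tag."""
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha1).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expected)

def interop_pass_rate(keygen, trials=200):
    """Fraction of sessions the peer accepts: all an interop test measures."""
    passed = 0
    for _ in range(trials):
        key = keygen()
        passed += peer_accepts(key, protect(key, b"constructed test payload"))
    return passed / trials

def distinct_keys(keygen, draws=5000):
    """Audit check: repeats among sampled keys expose a small key set."""
    return len({keygen() for _ in range(draws)})

if __name__ == "__main__":
    for name, gen in (("full", full_key), ("restricted", restricted_key)):
        print(name, interop_pass_rate(gen), distinct_keys(gen))
```

Both generators pass the interoperability check on every trial; only sampling many keys and counting repeats separates them, and that check stops working once the restricted set is too large to sample.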
