Nico Williams <n...@cryptonector.com> writes: >I'd like to understand what attacks NSA and friends could mount, with Intel's >witting or unwitting cooperation, particularly what attacks that *wouldn't* >put civilian (and military!) infrastructure at risk should details of a >backdoor leak to the public, or *worse*, be stolen by an antagonist.
Right. How exactly would you backdoor an RNG so (a) it could be effectively used by the NSA when they needed it (e.g. to recover Tor keys), (b) not affect the security of massive amounts of infrastructure, and (c) be so totally undetectable that there'd be no risk of it causing a s**tstorm that makes the $0.5B FDIV bug seem like small change (not to mention the legal issues, since this one would have been inserted deliberately, so we're probably talking bet- the-company amounts of liability there). >I'm *not* saying that my wishing is an argument for trusting Intel's RNG -- >I'm sincerely trying to understand what attacks could conceivably be mounted >through a suitably modified RDRAND with low systemic risk. Being careful is one thing, being needlessly paranoid is quite another. There are vast numbers of issues that crypto/security software needs to worry about before getting down to "has Intel backdoored their RNG". Peter. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
