On Sat, Jul 13, 2013 at 1:38 AM, William Yager <will.ya...@gmail.com> wrote:
> not trusting your hardware is a great place to start.
>

Heh, might as well just give up.

http://cm.bell-labs.com/who/ken/trust.html

(I know what you meant, just couldn't resist.)

>
> On Fri, Jul 12, 2013 at 7:20 PM, Peter Gutmann
> <pgut...@cs.auckland.ac.nz> wrote:
>
>> Nico Williams <n...@cryptonector.com> writes:
>>
>> >I'd like to understand what attacks NSA and friends could mount, with Intel's
>> >witting or unwitting cooperation, particularly what attacks that *wouldn't*
>> >put civilian (and military!) infrastructure at risk should details of a
>> >backdoor leak to the public, or *worse*, be stolen by an antagonist.
>>
>> Right. How exactly would you backdoor an RNG so (a) it could be effectively
>> used by the NSA when they needed it (e.g. to recover Tor keys), (b) not affect
>> the security of massive amounts of infrastructure, and (c) be so totally
>> undetectable that there'd be no risk of it causing a s**tstorm that makes the
>> $0.5B FDIV bug seem like small change (not to mention the legal issues, since
>> this one would have been inserted deliberately, so we're probably talking
>> bet-the-company amounts of liability there).
>>
>> >I'm *not* saying that my wishing is an argument for trusting Intel's RNG --
>> >I'm sincerely trying to understand what attacks could conceivably be mounted
>> >through a suitably modified RDRAND with low systemic risk.
>>
>> Being careful is one thing, being needlessly paranoid is quite another. There
>> are vast numbers of issues that crypto/security software needs to worry about
>> before getting down to "has Intel backdoored their RNG".
>>
>> Peter.
>> _______________________________________________
>> cryptography mailing list
>> cryptography@randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography