On Sat, Sep 07, 2013 at 10:48:02AM -0700, David Johnston wrote:
> It's interesting to consider the possibilities of corruption and
> deception that may exist in product design. It's a lot more alarming
> when it's your own design that is being accused of having been
> backdoored. Claiming the NSA colluded with Intel to backdoor RdRand
> is also to accuse me personally of having colluded with the NSA in
> producing a subverted design. I did not.

There is no way for us to check what Intel ships. A trustable system must be inspectable, so that we actually don't have to guess what it does, but can actually check. This pretty much rules out CPU-integral RNGs. It has to be a third-party add-on (USB or PCIe), and it has to be open hardware. An additional advantage of a kit-like approach (say, an FPGA that ships without a blob that has to be downloaded from a depository) is that you can circumvent IP issues, and don't have a manufacturer who can be forced into backdooring the system.

> A quick googling revealed many such instances of statements to this
> effect, strewn across the internet, based on inferences from the
> Snowden leaks and resulting Guardian and NYT articles.
>
> I personally know it not to be true and from my perspective, the
> effort we went to improve computer security by making secure random
> numbers available and ubiquitous in a low attack-surface model is
> now being undermined by speculation that would lead people to use

How badly patent-entangled is Intel's RNG? Can the fundamental principle be extracted into an open design?

> less available, less secure RNGs. This I expect would serve the
> needs of the NSA well.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography