> AES is an algorithm that produces deterministic results. Not really
> something to backdoor like an RNG.

I admit I haven't looked at the AES-NI instruction set, but I've read that it could be easy for the CPU to reconstruct the key from a sequence of calls typical to AES encryption/decryption (I think implementations even use Intel-provided code), and store it for later retrieval through a secret CPU instruction set.

From: Andre Heinecke <aheine...@intevation.de>
To: gnupg-users@gnupg.org; Maricel Gregoraschko <maricelgregorasc...@yahoo.com>
Sent: Tuesday, March 10, 2015 5:05 AM
Subject: Re: AES-NI, symmetric key generation

Hi,

To answer your first question regarding gpg4win:

On Monday, March 09, 2015 05:15:14 PM Maricel Gregoraschko wrote:
> Hello All, I would first like to thank you for your effort and time
> developing GnuPG. I have a couple of questions:
> 1. Does GnuPG (in particular, the Windows binaries distributed for
> gpg4win) use AES-NI, the Intel dedicated AES instruction set?

No, it has been disabled due to a bug. I've opened gnupg/issue1919 to track this.

> There are some concerns, I'm not sure how realistic, about backdoors
> built into the CPU themselves.

AES is an algorithm that produces deterministic results. Not really something to backdoor like an RNG.

> I noticed there is an option to "configure", --disable-aesni-support.
> Where can I get the full configure command as it was used to build the
> posted gpg4win binaries, to check if that switch was present or not?

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=blob;f=src/Makefile.am

Look for gpg4win_pkg_<package>_configure (e.g. gpg4win_pkg_libgcrypt_configure)

> Also is there any option to turn hardware acceleration on or off at runtime?

No.

Regards,
Andre

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
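As an added example (not from the thread, and not gpg4win's own build code): a POSIX shell check that pulls the value of a gpg4win_pkg_<package>_configure variable out of a Makefile.am, joins Automake's backslash-continued lines, and reports whether --disable-aesni-support is among the flags. The Makefile.am fragment embedded below is constructed for illustration and is not the real file; to audit the shipped binaries, feed the Makefile.am from the URL above to the same functions. This only answers the build-time question; it says nothing about what the CPU does at runtime.

```shell
#!/bin/sh
# Added example, not part of gpg4win or GnuPG. The Makefile.am text below is a
# CONSTRUCTED sample in the same style as Automake variable assignments; it is
# not the real gpg4win Makefile.am and the package names/flags are assumptions.

SAMPLE_MAKEFILE_AM='
gpg4win_pkg_libgpg_error_configure = --disable-static --enable-shared

gpg4win_pkg_libgcrypt_configure = --disable-static --enable-shared \
	--with-gpg-error-prefix=$(idir) \
	--disable-aesni-support

gpg4win_pkg_libassuan_configure = --disable-static --enable-shared
'

# configure_flags <package> <makefile-text>
# Prints the value of gpg4win_pkg_<package>_configure as one line, with
# backslash continuations joined and whitespace normalised to single spaces.
configure_flags() {
    pkg=$1
    printf '%s\n' "$2" | awk -v var="gpg4win_pkg_${pkg}_configure" '
        {
            line = $0
            # A trailing backslash means the assignment continues on the next line.
            while (sub(/\\$/, "", line) && (getline nxt) > 0) line = line " " nxt
            # Match only the variable we were asked for (followed by space or "=").
            if (index(line, var " ") == 1 || index(line, var "=") == 1) {
                sub(/^[^=]*=[ \t]*/, "", line)   # drop "name =" prefix
                gsub(/[ \t]+/, " ", line)         # collapse tabs/multiple spaces
                sub(/[ \t]+$/, "", line)          # drop trailing whitespace
                print line
            }
        }'
}

# aesni_disabled <package> <makefile-text>
# Exit status 0 if --disable-aesni-support is one of the configure flags.
aesni_disabled() {
    case " $(configure_flags "$1" "$2") " in
        *" --disable-aesni-support "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone usage: report the status of each sample package.
for p in libgpg_error libgcrypt libassuan; do
    if aesni_disabled "$p" "$SAMPLE_MAKEFILE_AM"; then
        echo "$p: built with --disable-aesni-support"
    else
        echo "$p: AES-NI not disabled at configure time"
    fi
done
```

Against a downloaded copy of the real file, `configure_flags libgcrypt "$(cat Makefile.am)"` prints the full libgcrypt configure line, and `aesni_disabled libgcrypt "$(cat Makefile.am)"` gives a yes/no exit status suitable for a build-audit script. Only libgcrypt's line matters for the AES question, since that is where the cipher implementations live.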
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users