----- Forwarded message from Eric Young <e...@pobox.com> -----

Date: Tue, 10 Sep 2013 20:58:20 +1000
From: Eric Young <e...@pobox.com>
To: Eugen Leitl <eu...@leitl.org>
Cc: cypherpu...@al-qaeda.net, i...@postbiota.org, zs-...@zerostate.is, 
Cryptography List <cryptogra...@metzdowd.com>
Subject: Re: [Cryptography] [cryptography] Random number generation influenced, 
HW RNG
X-Mailer: Evolution 3.2.3-0ubuntu6

On Sun, 2013-09-08 at 13:27 +0200, Eugen Leitl wrote:
> ----- Forwarded message from "James A. Donald" <jam...@echeque.com> -----
> On 2013-09-08 3:48 AM, David Johnston wrote:
> > Claiming the NSA colluded with intel to backdoor RdRand is also to
> > accuse me personally of having colluded with the NSA in producing a
> > subverted design. I did not.
> 
> Well, since you personally did this, would you care to explain the
> very strange design decision to whiten the numbers on chip, and not
> provide direct access to the raw unwhitened output.
> 
> A decision that even assuming the utmost virtue on the part of the
> designers, leaves open the possibility of malfunctions going
> undetected.

I may have missed this part of the thread, but I'm interested in knowing
the rationale for letting the hypervisor intercept the RDRAND call and
return any value it likes, bypassing the random hardware.

I've had one person speculate it would be useful for keeping 2 CPUs in
sync (the TSC can also be intercepted), but it does worry me that
RDRAND calls can be rendered predictable by a compromised VM.

eric

For those interested,
Intel document 325462.pdf, "Intel® 64 and IA-32 Architectures Software
Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B and 3C"
Page 'Vol. 3C 27-23', Table 27-12. Format of the VM-Exit
Instruction-Information Field as Used for RDRAND

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
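The point raised above, that a hypervisor can take a VM exit on RDRAND and hand the guest whatever it likes, cannot be detected from inside the guest: the instruction still "succeeds" with CF=1. What a practitioner can do is use RDRAND the way Intel documents it (CPUID feature test, CF check, bounded retry) and never let it be the sole source, mixing it with an independent source so a fixed or predictable RDRAND stream does not by itself fix the output. The following is an added example, not code from the message or from Intel; it assumes x86-64 with GCC/Clang inline assembly, /dev/urandom as the independent source, and Intel's published guidance of up to 10 retries when CF=0. The CPUID bit checked is CPUID.01H:ECX[30]; note that a hypervisor can mask or spoof that bit as well.

```c
// Added example (not from the original message): call RDRAND with the
// feature check and retry loop Intel documents, then XOR-mix it with an
// independent entropy source. A hypervisor intercepting RDRAND cannot
// make the mixed output predictable unless it also controls that source.
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#if defined(__x86_64__)
#include <cpuid.h>
#define HAVE_X86_64 1
#else
#define HAVE_X86_64 0
#endif

/* 1 if CPUID.01H:ECX.RDRAND[bit 30] is set, else 0.
 * Caveat: a hypervisor can hide or fake this bit too. */
int cpu_has_rdrand(void) {
#if HAVE_X86_64
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return 0;
    return (ecx >> 30) & 1u;
#else
    return 0;
#endif
}

/* One 64-bit RDRAND. CF=0 means no value was ready; Intel recommends
 * retrying up to 10 times before treating the DRNG as failed.
 * Returns 1 and sets *out on success, 0 otherwise.
 * If the hypervisor has "RDRAND exiting" enabled this returns whatever
 * the hypervisor injected, with CF=1, and the guest cannot tell. */
int rdrand_u64(uint64_t *out) {
#if HAVE_X86_64
    if (!cpu_has_rdrand()) return 0;
    for (int i = 0; i < 10; i++) {
        unsigned char ok;
        uint64_t v;
        __asm__ volatile("rdrand %0; setc %1" : "=r"(v), "=qm"(ok) : : "cc");
        if (ok) { *out = v; return 1; }
    }
    return 0;
#else
    (void)out;
    return 0;
#endif
}

/* XOR mix: if either input is uniform and independent of the other, the
 * result is uniform. A constant or attacker-chosen RDRAND value therefore
 * cannot bias the output on its own. Kept as a pure function so it can be
 * unit-tested against an "intercepted" (forced) RDRAND value. */
uint64_t mix_u64(uint64_t rdrand_val, uint64_t other_val) {
    return rdrand_val ^ other_val;
}

/* Fill buf with len bytes: OS entropy (/dev/urandom, assumed independent
 * of the CPU DRNG) XORed with RDRAND where available. Returns the number
 * of bytes written, or -1 if the OS source is unavailable. A failing or
 * absent RDRAND degrades to OS entropy alone, never to nothing. */
int get_mixed_random(uint8_t *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    if (got != len) return -1;

    for (size_t off = 0; off < len; off += sizeof(uint64_t)) {
        uint64_t os = 0, hw = 0;
        size_t n = (len - off < sizeof(uint64_t)) ? len - off : sizeof(uint64_t);
        for (size_t i = 0; i < n; i++) os |= (uint64_t)buf[off + i] << (8 * i);
        if (rdrand_u64(&hw)) os = mix_u64(hw, os);   // hw ignored if RDRAND fails
        for (size_t i = 0; i < n; i++) buf[off + i] = (uint8_t)(os >> (8 * i));
    }
    return (int)len;
}

int main(void) {
    uint8_t buf[16];
    printf("rdrand supported: %d\n", cpu_has_rdrand());
    if (get_mixed_random(buf, sizeof buf) < 0) { perror("urandom"); return 1; }
    for (size_t i = 0; i < sizeof buf; i++) printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
```

On Linux the kernel applies the same policy: CPU randomness is mixed into the pool and, unless `random.trust_cpu` is set, is not credited as entropy on its own, which is exactly the defence against the interception Eric describes.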
