On 2013-09-10 4:30 PM, ianG wrote:
The question of whether one could simulate a raw physical source is
tantalising. I see diverse opinions as to whether it is plausible,
and thinking about it, I'm on the fence.
Let us consider that source of colored noise with which we are most
familiar:
On 10/09/13 06:29 AM, John Kelsey wrote:
But I am not sure how much it helps against tampered chips. If I can tamper
with the noise source in hardware to make it predictable, it seems like I
should also be able to make it simulate the expected behavior. I expect this
is more complicated
On 9/8/2013 4:27 AM, Eugen Leitl wrote:
- Forwarded message from James A. Donald jam...@echeque.com -
Date: Sun, 08 Sep 2013 08:34:53 +1000
From: James A. Donald jam...@echeque.com
To: cryptogra...@randombit.net
Subject: Re: [cryptography] Random number generation influenced, HW RNG
First, David, thank you for participating in this discussion.
To orient people, we're talking about whether Intel's on-chip
hardware RNGs should allow programmers access to the raw HRNG output,
both for validation purposes to make sure the whole system is working
correctly, and if they would
would you care to explain the very strange design decision
to whiten the numbers on chip, and not provide direct
access to the raw unwhitened output.
On 2013-09-09 2:40 PM, David Johnston wrote:
#1 So that that state remains secret from things trying to
discern that state for purposes of
number generation
influenced, HW RNG
#1 So that that state remains secret from things trying to discern that
state
for purposes of predicting past or future outputs of the DRBG.
#2 So that one thread cannot undermine a second thread by putting the
DRNG into a broken mode. There is only one
On Sep 9, 2013, at 6:32 PM, Perry E. Metzger pe...@piermont.com wrote:
First, David, thank you for participating in this discussion.
To orient people, we're talking about whether Intel's on-chip
hardware RNGs should allow programmers access to the raw HRNG output,
both for validation
There are basically two ways your RNG can be cooked:
a. It generates predictable values. Any good cryptographic PRNG will do this
if seeded by an attacker. Any crypto PRNG seeded with too little entropy can
also do this.
b. It leaks its internal state in its output in some encrypted way.
- Forwarded message from James A. Donald jam...@echeque.com -
Date: Sun, 08 Sep 2013 08:34:53 +1000
From: James A. Donald jam...@echeque.com
To: cryptogra...@randombit.net
Subject: Re: [cryptography] Random number generation influenced, HW RNG
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv
On 09/08/2013 04:27 AM, Eugen Leitl wrote:
On 2013-09-08 3:48 AM, David Johnston wrote:
Claiming the NSA colluded with intel to backdoor RdRand is also to
accuse me personally of having colluded with the NSA in producing a
subverted design. I did not.
Well, since you personally did this,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sep 7, 2013, at 8:06 PM, John Kelsey crypto@gmail.com wrote:
There are basically two ways your RNG can be cooked:
a. It generates predictable values. Any good cryptographic PRNG will do
this if seeded by an attacker. Any crypto PRNG
- Forwarded message from Thor Lancelot Simon t...@panix.com -
Date: Sat, 7 Sep 2013 15:36:33 -0400
From: Thor Lancelot Simon t...@panix.com
To: Eugen Leitl eu...@leitl.org
Cc: cryptogra...@randombit.net
Subject: Re: [cryptography] Random number generation influenced, HW RNG
User-Agent
12 matches
Mail list logo
