The cool thing, to me, is that it presents a really interesting question on the test side: How do you determine that the advertised level of entropy is there? How can you tell, from a computation, that the RNG used 128 bits instead of 32 bits? They were able to prove that they successfully hacked it by being able to break encryption created with the RNG that they doctored. Is there a faster way to determine that it is up to snuff? Is there a deterministic way that can show, given the input and the output, that he RNG had exactly X number of bits of entropy? Or calculate how many bits there were?
Interesting questions to research. Judah On Wed, Sep 18, 2013 at 10:22 AM, Jerry Milo Johnson <[email protected]>wrote: > > sigh. sometimes smart people are too smart > > > On Wed, Sep 18, 2013 at 1:01 PM, Judah McAuley <[email protected]> > wrote: > > > > > Researchers demonstrate the ability to very subtly modify the doping on > an > > Intel chip mask and drop the entropy of the random number generator in > such > > a fashion that it becomes easy to crack the results of encryption that > > relies up on it. Best part being that the compromised hardware passes > > optical tests and all the FIPS tests. > > > > > > > http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/ > > > > Cheers, > > Judah > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:367196 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-community/unsubscribe.cfm
