At 9:15 AM -0800 2/2/2000, Eric Murray wrote:
>On Tue, Feb 01, 2000 at 09:00:33PM -0800, Dave Del Torto wrote:
> > At 6:19 pm -0500 2000-01-26, Tom McCune wrote:
>...
> >
>> (A) I'm not sanguine about it being a "default" in any version of
>>       PGP, knowing what I do and having been told more by others,
>> (B) I strongly encourage the PGP engineering group to include an
>>       explicit checkbox preference/option for disabling PGP's use
>>       of the Intel RNG completely into v7.0,
>> (C) I'm troubled that Intel has not yet --even at this late date--
>>       provided comprehensive technical data on how the RNG works
>>       for public review and,
>> (D) I'm extremely glad there doesn't appear to be one in my Mac or
>>       SparcStation, and my hand-built PC's have AMD K2/3's in 'em. ;)
>
>[..]
>
>
>I've also received Intel security info under NDA (and nothing in
>this post will violate same).  I do not think that your point D is
>fair; even if the Intel RNG is totally and utterly compromised, it's
>not a threat to your security just by being there on the chip.
>Something has to call it and use its output in a protocol.
>I do agree with point B however.

The threat to my security from Intel's RNG "just by being there on 
the chip" is that more and more encryption products will come to rely 
on the Intel RNG alone, or combined with some inadequate source of 
entropy like the system clock.  Worse, more and more software vendors 
will adopt Intel's "trust us" attitude, and refuse to divulge details 
of their randomness generation. Some may even attempt to block 
reverse engineering that would expose their weaknesses, a la CSS.

Intel's marketing department would love to have a long list of 
products that "take advantage" of their proprietary RNG scheme. The 
open cryptographic community should endeavor to keep that list as 
short as possible, at least until Intel repents and opens its design 
to public inspection and verification.

Arnold Reinhold
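The failure mode Reinhold describes above (a product whose entropy pool is the hardware RNG alone, or that RNG plus the system clock) can be made concrete. The following is an added example, not code from the thread, from PGP, or from Intel: it uses a constructed stand-in for a hardware RNG whose output an adversary can predict, a constructed millisecond clock, and a generic hash-based mixer (`mix_entropy`, an assumption of this example, not any product's design) to show that the seed space collapses to the clock window when no other independent source is mixed in, and that adding an independent source such as the OS entropy pool restores unpredictability even if the hardware RNG is worthless.

```python
"""Constructed illustration of entropy-source mixing (example code, not from
the original thread). Shows why a seed must never depend solely on one
hardware RNG, or on that RNG plus a low-entropy input like the system clock."""
import hashlib
import math
import os


def mix_entropy(*sources: bytes) -> bytes:
    """Hash-combine independent entropy inputs into a 32-byte seed.

    Each input is length-prefixed so source boundaries are unambiguous.
    The output stays unpredictable as long as ANY one input is unpredictable
    to the adversary, so a compromised source cannot degrade the others.
    (Generic construction used for this example; not a specific product's.)
    """
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(4, "big"))
        h.update(src)
    return h.digest()


def compromised_hwrng(n: int) -> bytes:
    # Assumption for the example: a hardware RNG whose output the adversary
    # already knows. Modelled as a constant; any predictable stream behaves alike.
    return bytes([0x42]) * n


def clock_ms(t_ms: int) -> bytes:
    # Constructed "system clock" input: a millisecond timestamp.
    return t_ms.to_bytes(8, "big")


def enumerate_clock_seeds(window_start_ms: int, window_len_ms: int) -> set:
    """Auditor's check: every seed the pool could have produced when its only
    unknown input is a millisecond clock inside a known window. If this set is
    small enough to enumerate, the pool provides no real security."""
    return {
        mix_entropy(compromised_hwrng(32), clock_ms(t))
        for t in range(window_start_ms, window_start_ms + window_len_ms)
    }


def seed_space_bits(window_len_ms: int, independent_entropy_bits: int) -> float:
    """Upper bound on seed entropy in bits: log2(clock window) plus whatever
    independent entropy was mixed in. With 0 independent bits and a 1 s
    window this is under 10 bits."""
    return math.log2(window_len_ms) + independent_entropy_bits


def robust_seed(t_ms: int = 1_000_000) -> bytes:
    """Same compromised RNG and clock, but with 32 bytes from the OS entropy
    pool mixed in. The OS input alone makes the result unpredictable."""
    return mix_entropy(compromised_hwrng(32), clock_ms(t_ms), os.urandom(32))


if __name__ == "__main__":
    # Constructed window: 1000 ms starting at t=1,000,000 ms.
    seeds = enumerate_clock_seeds(1_000_000, 1000)
    print(f"clock-only pool: {len(seeds)} possible seeds, "
          f"~{seed_space_bits(1000, 0):.1f} bits")
    print(f"with 256 bits of OS entropy: ~{seed_space_bits(1000, 256):.0f} bits")
    print("robust seed:", robust_seed().hex())
```

The point of `enumerate_clock_seeds` is the check a reviewer would run against a product's entropy design: if every input except a coarse clock is known or constant, the whole seed space can be listed. `robust_seed` shows the mitigation; the compromised hardware RNG is still mixed in (it costs nothing), but it is never the only source of unpredictability.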
