In the past, there have been two main problems with the Via crypto sets - availability of convenient software - sufficient documentation and really transparent provable details so that users could trust and verify that the hardware and software were doing what they claimed to be doing and weren't doing anything evil that they didn't admit to, such as including backdoors or bad random number generators.
For typical applications, this is probably fine, though I haven't looked at Via's licenses to see if they can easily be used with a GPL license or if they need LGPL+Weaselwords or worse.
The hard part is trust - Cryptography Research did a study last year about the quality of the random number generator, and found that you get about 0.75 bits of entropy per output bit, or 0.99 if you do Von Neumann whitening, so it's fine for feeding your crypto-based whitener.
But their report indicates that they were mainly working from design documentation and testing actual equipment, so their tests doesn't show what the RNG does if you execute SET MSR UNDOCUMENTED_EVIL_WIRETAP_MODE first, much less what happens to the AES keying info or IVs.
Disclaimer: I'd be really surprised if UNDOCUMENTED_EVIL_WIRETAP_MODE exists - the folks who built the crypto features in say good pro-privacy things, and I'm inclined to trust them. I'm much less sure about the nonexistence of OBSCURE_BUGGY_RNG_CONDITION_MODE. It's very hard to test for these things when you've got complete documentation, even if Ken Thompson wasn't helping write your compilers.
Bill Stewart
At 05:21 AM 9/25/2004, R. A. Hettinga wrote:
<http://www.linuxdevices.com/news/NS1975038466.html> ... Sep. 24, 2004 The first commercial software product to exploit the cryptographic acceleration engine in newer Via processors has hit the market, according to Via. LocustWorld's MeshAP-Pro is a commercial version of MeshAP, Linux software for self-organizing networks of wireless access points. MeshAP-Pro targets larger mesh network operators such as urban service providers.
In addition to selling and supporting MeshAP-Pro software, LocustWorld also offers blackbox hardware platforms for wireless routers, such as the MeshBox, a Linux-based mini-ITX system based on Via mini-ITX boards.
LocustWorld sells Linux-based blackboxes for wireless routers based on Via mini-ITX boards
The processors in newer Via mini-ITX boards based on C5P Nehemiah cores include the PadLock Hardware Security Suite, which includes the PadLock RNG (random number generator) and the PadLock ACE (advanced cryptography engine). PadLock ACE performs low-level processing of the algorithms used in AES (advanced encryption standard), a kind of cryptography defined by US government standards.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]