On Thu, Sep 12, 2013 at 11:00:47AM -0400, Perry E. Metzger wrote:
> In addition to getting CPU makers to always include such things,
> however, a second vital problem is how to gain trust that such RNGs
> are good -- both that a particular unit isn't subject to a hardware
> defect and that the design wasn't sabotaged. That's harder to do.

Or that a design wasn't sabotaged intentionally wasn't sabotaged
accidentally while dropping it into place in a slightly different
product.  I've always thought highly of the design of the Hifn RNG
block, and the outside analysis of it which they published, but years
ago at Reefedge we found a bug in its integration into a popular Hifn
crypto processor that evidently had slipped through the cracks -- I
discussed it in more detail last year at
http://permalink.gmane.org/gmane.comp.security.cryptography.randombit/3020 .

The cryptography mailing list

Reply via email to