On 22/06/12 06:53 AM, Michael Nelson wrote:
James A. Donald wrote:



I see no valid case for on chip whitening.  Whitening looks like a classic job for software.  Why waste chip real estate on something that will only be used

On that Intel forum site someone pointed to, one of the Intel guys said with 
respect to the whitening and health testing processes:

"At the output of the DRBG, through RdRand, you have no visibility of these
processes. We seek to limit the side channels through which an attacker could
determine the internal state of the DRNG."

Good answer!

I suppose that if the rng was shared between multiple processes, and if a 
malicious process could read the internal state, then it could predict what 
another process was going to be given in the near future.

That said, I think that it's a natural factoring to let the user see the bits 
directly from the hardware source, before any massaging.  Perhaps this could be 
a mode.


It's a natural human question to ask. "I want to see what's under the hood." But it seems there is also a very good response - if you can see under the hood, so can your side-channel-equipped attacker.

So what you get is what you get.  Love it or leave it.

There is something else to make one slightly skeptical about going further in this analysis. It's somewhat well known that the microcode under the chip and other things can be manipulated, and that entire batches of special chips can be set up for special customers. So we have a situation where we can rely on the chip to do what is advertised, but we can't rely on the manufacturer to give us exactly the chip that they advertised.

Bummer. Same as it ever was. Use the DRBG as an input into the software mix, it can't hurt, and it probably helps an awful lot.



iang
_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography
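
The closing advice in the message above (use the DRBG as one input into a software mix) can be sketched as follows. This is an added example, not code from the thread or from Intel; `MixPool`, `mixed_random`, `stuck_hw` and `fixed_os` are hypothetical names, `hw_source` is a stand-in for bytes read via RdRand, and the sources are assumed to be independent of each other.

```python
import hashlib
import hmac
import os
import struct


def _frame(label: bytes, data: bytes) -> bytes:
    # Length-prefix label and data so different input splits cannot collide.
    return struct.pack(">H", len(label)) + label + struct.pack(">I", len(data)) + data


class MixPool:
    """Hash-based mixer: every source is folded into one SHA-256 state."""

    def __init__(self) -> None:
        self._state = bytes(32)
        self._counter = 0

    def absorb(self, label: bytes, data: bytes) -> None:
        # The new state depends on the old state and on the framed input.
        self._state = hashlib.sha256(self._state + _frame(label, data)).digest()

    def output(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self._counter += 1
            msg = b"out" + struct.pack(">Q", self._counter)
            out += hmac.new(self._state, msg, hashlib.sha256).digest()
        # Ratchet the state so a later state leak does not reveal this output.
        self._state = hmac.new(self._state, b"ratchet", hashlib.sha256).digest()
        return out[:n]


def mixed_random(n: int, hw_source, os_source=os.urandom) -> bytes:
    """Return n bytes derived from both the OS source and the hardware source."""
    pool = MixPool()
    pool.absorb(b"os", os_source(32))
    pool.absorb(b"hw", hw_source(32))  # stand-in for RdRand output (assumption)
    return pool.output(n)


def stuck_hw(n: int) -> bytes:
    # Constructed worst case: a hardware source that only ever returns zeros.
    return bytes(n)


def fixed_os(n: int) -> bytes:
    # Constructed worst case: an OS source with no entropy at all.
    return b"\x01" * n


if __name__ == "__main__":
    print(mixed_random(16, stuck_hw).hex())
```

With `stuck_hw` the output still varies from call to call because the OS input does, and with `fixed_os` it varies because the hardware input does; only when both sources are constant does the output repeat.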
