[BTW, when responding to a message forwarded, do please fix the quote attribution.]
On Fri, Jul 12, 2013 at 2:29 PM, ianG <[email protected]> wrote:

> This thread has been seen before. On-chip RNGs are auditable but not
> verifiable by the general public. So the audit can be done then bypassed.
> Which in essence means the on-chip RNGs are mostly suitable for mixing into
> the entropy pool.
>
> Not to mention, Intel have been in bed with the NSA for the longest time.
> Secret areas on the chip, pop instructions, microcode and all that ... A
> more interesting question is whether the non-USA competitors are also
> similarly friendly.

I'd like to understand what attacks NSA and friends could mount, with Intel's witting or unwitting cooperation, particularly what attacks that *wouldn't* put civilian (and military!) infrastructure at risk should details of a backdoor leak to the public, or *worse*, be stolen by an antagonist.

I would hope that talented folks at the NSA would be averse to embedding backdoors in hardware (and firmware, and software) that they could lose control of, especially in light of recent developments. I'm *not* saying that my wishing is an argument for trusting Intel's RNG -- I'm sincerely trying to understand what attacks could conceivably be mounted through a suitably modified RDRAND with low systemic risk. For example, there might be a way to close a backdoor in a hurry, should it leak. Understanding the attacks that sigint agencies might mount in this fashion might help us understand the likelihood of their attempting them.

I think it's important to highlight the systemic risk caused by embedding backdoors everywhere. See "Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP", by Bellovin, Blaze, et al. Systemic failures can be extremely severe. The 2008 financial crisis was a systemic failure, and, sadly, I can imagine far worse systemic failures.

Minimizing systemic risk should be a key policy goal in general, but management of systemic risk is inherently not in the interests of any short-term political actors, therefore it's important to ensure institutional inertia for systemic risk minimization. The NSA that once worked to strengthen DES against differential cryptanalysis clearly thought so (or, rather, the people who made that happen did) -- is today's NSA no longer interested in the nation's civilian and military security?!

Nico
--
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
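The one concrete engineering point in the quoted text is that an on-chip RNG is "mostly suitable for mixing into the entropy pool" rather than being used as the sole source. The Python below is an added illustration of that defensive pattern; it is not code from any message in this thread, nor Intel's or any operating system's actual implementation. The `PredictableHardwareRng` class is a constructed stand-in for a hardware source that cannot be verified (it just counts), the `EntropyPool` design and the `example-entropy-pool-v1` label are hypothetical, and the source names are arbitrary. The point it demonstrates is that a hash-based combiner lets a predictable source contribute nothing while also preventing it from cancelling out the entropy of the other sources.

```python
"""Mixing an untrusted hardware RNG into an entropy pool (added example).

Constructed for illustration only: the hardware source below is deliberately
predictable, standing in for an on-chip RNG that the public cannot verify.
"""
import hashlib
import hmac
import os
from typing import Dict

POOL_LABEL = b"example-entropy-pool-v1"  # hypothetical domain-separation tag


class PredictableHardwareRng:
    """Stand-in for an untrusted on-chip RNG: emits a plain counter, so anyone
    who knows the design knows every output.  Constructed for this example;
    no real device is modelled."""

    def __init__(self) -> None:
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += self.counter.to_bytes(8, "little")
            self.counter += 1
        return bytes(out[:n])


class EntropyPool:
    """Hash-based combiner: every source is absorbed into a SHA-256 chain and
    output is derived with HMAC keyed by the pool state.  A source the
    adversary can predict adds no entropy, but it also cannot cancel out the
    entropy of the other sources, which plain XOR combining would permit if
    the bad source could observe the good one."""

    def __init__(self) -> None:
        self._state = hashlib.sha256(POOL_LABEL).digest()
        self._counter = 0
        self.contributed: Dict[str, int] = {}

    def add_source(self, name: str, data: bytes) -> None:
        tag = name.encode()
        # Length-prefix both fields so (name, data) boundaries are unambiguous.
        self._state = hashlib.sha256(
            self._state
            + len(tag).to_bytes(4, "big") + tag
            + len(data).to_bytes(4, "big") + data
        ).digest()
        self.contributed[name] = self.contributed.get(name, 0) + len(data)

    def extract(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            block = hmac.new(self._state, self._counter.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            self._counter += 1
            out += block
        # Ratchet the state so earlier output cannot be recovered from it.
        self._state = hashlib.sha256(self._state + b"ratchet").digest()
        return bytes(out[:n])


def mix(hw_bytes: bytes, os_bytes: bytes, n: int = 32) -> bytes:
    """Combine one hardware read and one OS-pool read into n output bytes."""
    pool = EntropyPool()
    pool.add_source("hw-rng", hw_bytes)
    pool.add_source("os-pool", os_bytes)
    return pool.extract(n)


def distinct_outputs(rounds: int) -> int:
    """Hold the hardware source fully predictable, vary only the second
    source, and count distinct outputs.  Equals `rounds` when the second
    source is carrying the entropy, which is the whole point of mixing."""
    hw = PredictableHardwareRng()
    seen = {mix(hw.read(32), i.to_bytes(4, "big")) for i in range(rounds)}
    return len(seen)


if __name__ == "__main__":
    hw = PredictableHardwareRng()
    key = mix(hw.read(32), os.urandom(32))
    print("mixed key:", key.hex())
    print("distinct outputs over 1000 rounds:", distinct_outputs(1000))
```

The `distinct_outputs` check is the practical reading of the quoted advice: with the hardware source reduced to a counter, the output is still as varied as the second source makes it, so the untrusted chip can be folded in without becoming a single point of failure.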
