On Sat, Sep 07, 2013 at 06:21:00PM +0300, Maxim Kammerer wrote:
> I agree; I misread the Intel documentation previously, and inferred
> that CTR_DRBG and other high-level algorithms are implemented in
> microcode, with ES being accessible to it (and to reverse engineers)
> directly. Personally, I wouldn't trust an embedded engineer to
> implement bubble sort correctly, and see no reason to trust them with
> security-critical implementations, even if one assumes no malice or

There is a hardware RNG in the AMD Geode LX. I tried very hard to find any documentation, but found effectively nothing. Am I that bad at searching, or is this really a black box?

> subversion of the production process. In the Google+ thread referenced above,
> David Johnston (Intel engineer in charge of RDRAND) claimed that all
> the specs are open and accessible; when I mentioned that the AES block
> size in CTR_DRBG is not even specified, I received no response (of
> course). Also, proponents of feeding RDRAND directly into
> /dev/[u]random ignore the AES-reducibility of any cryptosystem that
> uses RDRAND in that fashion.

-- 
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
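Added example, not from this thread or from Intel: a Go sketch of the SP 800-90A CTR_DRBG Generate loop with AES-128, showing that its output is exactly the AES-CTR keystream under the DRBG's internal key K and counter V (the AES-reducibility point in the quoted message), next to XOR-mixing that output with an independent pool, the alternative to feeding it straight into /dev/random. The key, counter and pool bytes are constructed values; the post-generation CTR_DRBG_Update step is omitted because it does not alter bytes already output.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// incr performs V = (V + 1) mod 2^128 on a big-endian 16-byte counter.
func incr(v []byte) {
	for i := len(v) - 1; i >= 0; i-- {
		v[i]++
		if v[i] != 0 {
			return
		}
	}
}

// ctrDRBGGenerate follows the SP 800-90A Generate loop: increment V,
// output AES_K(V), repeat until n bytes have been produced.
func ctrDRBGGenerate(key, v []byte, n int) []byte {
	blockCipher, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	cur := append([]byte(nil), v...)
	out := make([]byte, 0, n+16)
	blk := make([]byte, 16)
	for len(out) < n {
		incr(cur)
		blockCipher.Encrypt(blk, cur)
		out = append(out, blk...)
	}
	return out[:n]
}

// aesCTRKeystream recomputes the same bytes with Go's stock CTR mode started
// at V+1: every output bit is a function of (K, V) through AES alone, so an
// attacker holding the state, or a break of AES, reproduces the stream.
func aesCTRKeystream(key, v []byte, n int) []byte {
	blockCipher, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	iv := append([]byte(nil), v...)
	incr(iv)
	out := make([]byte, n)
	cipher.NewCTR(blockCipher, iv).XORKeyStream(out, out)
	return out
}

// mixWithPool XORs DRBG output with bytes from an independent source, so
// knowledge of (K, V) alone no longer determines the result.
func mixWithPool(drbgOut, pool []byte) []byte {
	mixed := make([]byte, len(drbgOut))
	for i := range drbgOut {
		mixed[i] = drbgOut[i] ^ pool[i%len(pool)]
	}
	return mixed
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 16) // constructed DRBG key
	v := bytes.Repeat([]byte{0xff}, 16)   // constructed counter, about to wrap
	fmt.Println("drbg == aes-ctr:", bytes.Equal(ctrDRBGGenerate(key, v, 40), aesCTRKeystream(key, v, 40)))
}
```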
