OK OK OK http://en.wikipedia.org/wiki/Hardware_random_number_generator

My mistake.



On 19 September 2013 17:40, James Morris <jwm.art....@gmail.com> wrote:

> Oh and http://en.wikipedia.org/wiki/Cycle_detection
>
>
>
> On 19 September 2013 17:34, James Morris <jwm.art....@gmail.com> wrote:
>
>>
>>
>>
>> On 19 September 2013 16:52, Rob Myers <r...@robmyers.org> wrote:
>>
>>> On 18/09/13 11:07 PM, James Morris wrote:
>>> > On Sep 19, 2013 2:12 AM, "Rob Myers" <r...@robmyers.org
>>> > <mailto:r...@robmyers.org>> wrote:
>>> >>
>>> >> "Scientists have developed a technique to sabotage the cryptographic
>>> >> capabilities included in Intel's Ivy Bridge line of microprocessors. The
>>> >> technique works without being detected by built-in tests or physical
>>> >> inspection of the chip." -
>>> >>
>>> >
>>> http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/
>>> >>
>>> >
>>> > presented as scary stuff.  but extremely easy to detect by software.
>>> > prng ffs!
>>>
>>> Just have it fail after a certain date or in response to a particular
>>> message, then. ;-)
>>>
>> Well that would be an additive modification rather than subtractive -
>> quite a large leap from a reduction in bits which is what this is. But what
>> I'm getting at is what makes it useful to a hacker also allows it to be
>> detected: if keys can be extracted then we detect it ;-p
>>
>>
>> http://en.wikipedia.org/wiki/Random_number_generation#Practical_applications_and_uses
>>
>>
>>> Also:
>>>
>>> "In addition to the Ivy Bridge processor, the researchers applied the
>>> dopant technique to lodge a trojan in a chip prototype that was designed
>>> to withstand so-called side channel attacks. The result: cryptographic
>>> keys could be correctly extracted on the tampered device with a
>>> correlation close to 1. "
>>>
>> Same again, if we can extract keys we detect it.
>>
>> The article fails to acknowledge the possibility of software detection in
>> order to fear monger. As well as simulating attacks, unit testing would be
>> another possibility. I just don't think this is as undetectable as the
>> article tries to make out.  http://en.wikipedia.org/wiki/Unit_testing
>>
>> But I don't really know.
>>
>> James.
>>
>>
>>
>>
>>
>
_______________________________________________
NetBehaviour mailing list
NetBehaviour@netbehaviour.org
http://www.netbehaviour.org/mailman/listinfo/netbehaviour
