Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

On 9/8/2013 4:27 AM, Eugen Leitl wrote: - Forwarded message from James A. Donald jam...@echeque.com - Date: Sun, 08 Sep 2013 08:34:53 +1000 From: James A. Donald jam...@echeque.com To: cryptogra...@randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

would you care to explain the very strange design decision to whiten the numbers on chip, and not provide direct access to the raw unwhitened output. On 2013-09-09 2:40 PM, David Johnston wrote: #1 So that that state remains secret from things trying to discern that state for purposes of

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

number generation influenced, HW RNG #1 So that that state remains secret from things trying to discern that state for purposes of predicting past or future outputs of the DRBG. #2 So that one thread cannot undermine a second thread by putting the DRNG into a broken mode. There is only one

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

There are basically two ways your RNG can be cooked: a. It generates predictable values. Any good cryptographic PRNG will do this if seeded by an attacker. Any crypto PRNG seeded with too little entropy can also do this. b. It leaks its internal state in its output in some encrypted way.

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

- Forwarded message from James A. Donald jam...@echeque.com - Date: Sun, 08 Sep 2013 08:34:53 +1000 From: James A. Donald jam...@echeque.com To: cryptogra...@randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG User-Agent: Mozilla/5.0 (Windows NT 5.1;

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

On 09/08/2013 04:27 AM, Eugen Leitl wrote: On 2013-09-08 3:48 AM, David Johnston wrote: Claiming the NSA colluded with intel to backdoor RdRand is also to accuse me personally of having colluded with the NSA in producing a subverted design. I did not. Well, since you personally did this,

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sep 7, 2013, at 8:06 PM, John Kelsey crypto@gmail.com wrote: There are basically two ways your RNG can be cooked: a. It generates predictable values. Any good cryptographic PRNG will do this if seeded by an attacker. Any crypto PRNG

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

- Forwarded message from Thor Lancelot Simon t...@panix.com - Date: Sat, 7 Sep 2013 15:36:33 -0400 From: Thor Lancelot Simon t...@panix.com To: Eugen Leitl eu...@leitl.org Cc: cryptogra...@randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG User-Agent: