Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-10 Thread Eric Young
On Sun, 2013-09-08 at 13:27 +0200, Eugen Leitl wrote: > - Forwarded message from "James A. Donald" - > On 2013-09-08 3:48 AM, David Johnston wrote: > > Claiming the NSA colluded with Intel to backdoor RdRand is also to > > accuse me personally of having colluded with the NSA in producing a

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-09 Thread Owen Shepherd
graphy] [cryptography] Random number generation > influenced, HW RNG > > #1 So that that state remains secret from things trying to discern that state > for purposes of predicting past or future outputs of the DRBG. > > #2 So that one thread cannot undermine a second thread by putti

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-09 Thread James A. Donald
>> would you care to explain the very strange design decision >> to whiten the numbers on chip, and not provide direct >> access to the raw unwhitened output. On 2013-09-09 2:40 PM, David Johnston wrote: > #1 So that that state remains secret from things trying to > discern that state for purpose

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-09 Thread David Johnston
On 9/8/2013 4:27 AM, Eugen Leitl wrote: - Forwarded message from "James A. Donald" - Date: Sun, 08 Sep 2013 08:34:53 +1000 From: "James A. Donald" To: cryptogra...@randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG User-Agent: Mozilla/5.0 (Windows NT

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-08 Thread Ray Dillinger
On 09/08/2013 04:27 AM, Eugen Leitl wrote: On 2013-09-08 3:48 AM, David Johnston wrote: Claiming the NSA colluded with Intel to backdoor RdRand is also to accuse me personally of having colluded with the NSA in producing a subverted design. I did not. Well, since you personally did this, wou

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-08 Thread Jon Callas
On Sep 7, 2013, at 8:06 PM, John Kelsey wrote: > There are basically two ways your RNG can be cooked: > > a. It generates predictable values. Any good cryptographic PRNG will do > this if seeded by an attacker. Any crypto PRNG seeded with too l

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-08 Thread Eugen Leitl
- Forwarded message from "James A. Donald" - Date: Sun, 08 Sep 2013 08:34:53 +1000 From: "James A. Donald" To: cryptogra...@randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130801 Thunderbird/

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-07 Thread John Kelsey
There are basically two ways your RNG can be cooked: a. It generates predictable values. Any good cryptographic PRNG will do this if seeded by an attacker. Any crypto PRNG seeded with too little entropy can also do this. b. It leaks its internal state in its output in some encrypted way.

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-07 Thread Eugen Leitl
- Forwarded message from Thor Lancelot Simon - Date: Sat, 7 Sep 2013 15:36:33 -0400 From: Thor Lancelot Simon To: Eugen Leitl Cc: cryptogra...@randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG User-Agent: Mutt/1.5.20 (2009-06-14) On Sat, Sep 07, 2013