[cryptography] RDRAND and Is it possible to protect against malicious hw accelerators?

Thierry Moreau thierry.moreau at connotech.com
Mon Jun 20 10:55:48 EDT 2011

Peter Gutmann wrote:
> Marsh Ray <marsh at extendedsubset.com> writes:

>> So the Intel "DRNG" has observable shared internal state and is shared among 
>> multiple cores.
> The rule for security there is that if an attacker can get physical access to 
> the same CPU as you, you're toast via any number of side-channel attacks 
> anyway.  So the solution is "don't do that, then".  I don't really see this 
> issue as a problem.

I guess reversing the trend towards virtualization and cloud computing 
is "difficult".

Then the question would be whether to trust the CPU or the 
virtualization O/S as a trusted source of randomness. In either case you 
are deemed to be (HW or SW) version-dependent.

If a processor manufacturer gets the RNG right, they might get a product 
differentiation advantage.

The more generic challenge can be described with the following question:

Can any software process hosted in a virtualization environment be 
provided with a) a secret random source, b) a place to store long-term 
secrets, and c) some mechanism for external assessment of software 


- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691
