[cryptography] RDRAND and Is it possible to protect against malicious hw accelerators?
thierry.moreau at connotech.com
Mon Jun 20 10:55:48 EDT 2011
Peter Gutmann wrote:
> Marsh Ray <marsh at extendedsubset.com> writes:
>> So the Intel "DRNG" has observable shared internal state and is shared among
>> multiple cores.
> The rule for security there is that if an attacker can get physical access to
> the same CPU as you, you're toast via any number of side-channel attacks
> anyway. So the solution is "don't do that, then". I don't really see this
> issue as a problem.
I guess reversing the trend towards virtualization and cloud computing
Then the question would be whether to trust the CPU or the
virtualization O/S as a trusted source of randomness. In either case you
are deemed to be (HW or SW) version-dependent.
If a processor manufacturer gets the RNG right, they might get a product
The more generic challenge can be described with the following question:
Can any software process hosted in a virtualization environment be
provided with a) a secret random source, b) a place to store long-term
secrets, and c) some mechanism for external assessment of software
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
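An added example, not part of Thierry Moreau's post or of the thread it replies to, showing the usual practitioner's answer to the "trust the CPU or the virtualization O/S" question raised above: treat RDRAND as one input to be mixed with the OS-supplied source rather than as the sole source, so that a shared-state or misbehaving hardware generator cannot make the output worse than the OS source alone. It assumes GCC/Clang inline assembly on x86-64 and a readable /dev/urandom; the CPUID check (CPUID leaf 1, ECX bit 30, per the Intel/AMD manuals), the carry-flag retry loop and the XOR mixer are the example's own code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
#include <cpuid.h>
#define HAVE_RDRAND_ASM 1
#else
#define HAVE_RDRAND_ASM 0
#endif

/* RDRAND is advertised in CPUID.01H:ECX bit 30; executing it on a CPU
 * without it raises #UD, so the check is mandatory before the first use. */
int cpu_has_rdrand(void)
{
#if HAVE_RDRAND_ASM
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ecx & (1u << 30)) != 0;
#else
    return 0;
#endif
}

/* One 64-bit RDRAND with retries. The instruction clears CF when no value
 * is ready, so the carry flag must be checked on every attempt. */
int rdrand64(uint64_t *out, int retries)
{
#if HAVE_RDRAND_ASM
    if (!cpu_has_rdrand())
        return 0;
    while (retries-- > 0) {
        uint64_t v;
        unsigned char ok;
        __asm__ volatile("rdrand %0; setc %1" : "=r"(v), "=qm"(ok) : : "cc");
        if (ok) { *out = v; return 1; }
    }
#else
    (void)retries;
#endif
    return 0;
}

/* OS source (assumed readable: /dev/urandom). Returns 1 on success. */
int os_random(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n;
}

/* XOR src into dst. For independent inputs the result is at least as
 * unpredictable as the stronger one, so a dud or hostile hardware source
 * cannot degrade bytes that the OS source already made unpredictable. */
void xor_mix(unsigned char *dst, const unsigned char *src, size_t n)
{
    for (size_t i = 0; i < n; i++) dst[i] ^= src[i];
}

/* OS bytes are mandatory; RDRAND is XORed in while it keeps delivering.
 * Returns 0 on failure, 1 if only the OS source was used, 2 if both. */
int get_random_mixed(unsigned char *buf, size_t n)
{
    if (!os_random(buf, n)) return 0;
    int used_hw = 1;
    for (size_t off = 0; off < n; off += sizeof(uint64_t)) {
        uint64_t v;
        unsigned char tmp[sizeof v];
        if (!rdrand64(&v, 10)) { used_hw = 0; break; }
        size_t chunk = (n - off < sizeof v) ? n - off : sizeof v;
        memcpy(tmp, &v, sizeof v);
        xor_mix(buf + off, tmp, chunk);
    }
    return used_hw ? 2 : 1;
}

/* Constructed check: an all-zero hardware output leaves OS bytes unchanged. */
int dud_source_is_harmless(void)
{
    unsigned char os_bytes[8] = {0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe};
    unsigned char copy[8], dud[8] = {0};
    memcpy(copy, os_bytes, sizeof copy);
    xor_mix(os_bytes, dud, sizeof os_bytes);
    return memcmp(os_bytes, copy, sizeof copy) == 0;
}

/* Two successive 32-byte outputs must differ (collision odds about 2^-256). */
int two_outputs_differ(void)
{
    unsigned char a[32], b[32];
    if (get_random_mixed(a, sizeof a) == 0 || get_random_mixed(b, sizeof b) == 0)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    unsigned char buf[32];
    int status = get_random_mixed(buf, sizeof buf);
    printf("status=%d (0=fail, 1=OS only, 2=OS+RDRAND)\n", status);
    for (size_t i = 0; i < sizeof buf; i++) printf("%02x", buf[i]);
    printf("\n");
    return status ? 0 : 1;
}
```

The XOR mixer is only sound while the two inputs are independent; a hardware source that could observe the OS bytes could cancel them, which is why production generators usually feed both inputs through a hash-based pool rather than XORing raw words. XOR is kept here because it makes the "cannot be worse than the OS source" argument visible in a single line.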