[cryptography] Intel RNG

Matthew Green matthewdgreen at gmail.com
Mon Jun 18 14:51:17 EDT 2012

I think that Jack said most of what I would. The incentives all point in the wrong direction. 

I suspect that Jon is one of a few people who have been (a) in the hiring position, and (b) truly cared about the security of the product, rather than marketing it as 'secure'. I also think Jon is relatively rare in that respect. I've personally turned down jobs where it's obvious that the client is not like Jon.

I don't see anyone (competent) pulling their punches, and, passing through a seriously flawed product. But there are other kinds of compromise:

1. Private evaluation report (budgeted to, say, 200 hours) probabilistically identifies N serious vulnerabilities. We all know that another 200 hours could turn up N more. In fact, the code may be riddled with errors. Original N vulnerabilities are patched. What should the public report say? Technically the vulnerabilities are all 'fixed'.

2. Client wants to set unusual parameters for the evaluation: e.g., you won't get the device, we'll do your data collection for you. Of course you'll note this in your report. But what you say is /not/ what people will hear. Are you comfortable with this?

3. Client has an odd threat model. It's not something you agree with, but you think: could I just explain that this is the model the client has proposed, point out the flaws in it and then move forward with an analysis? 

There are probably other examples. I like to think that I've come down on the right side of these, but I recognize that these are all pressure points, and money /does/ influence where you stand. (I've also seen it from the other side. Ugh.)


On Jun 18, 2012, at 1:20 PM, Jon Callas wrote:

> On Jun 18, 2012, at 5:26 AM, Matthew Green wrote:
> > The fact that something occurs routinely doesn't actually make it a good idea. I've seen stuff in FIPS 140 evaluations that makes my skin crawl. 
> > 
> > This is CRI, so I'm fairly confident nobody is cutting corners. But that doesn't mean the practice is a good one. 
> I don't understand.
> A company makes a cryptographic widget that is inherently hard to test or validate. They hire a respected outside firm to do a review. What's wrong with that? I recommend that everyone do that. Un-reviewed crypto is a bane.
> Is it the fact that they released their results that bothers you? Or perhaps that there may have been problems that CRI found that got fixed?
> These also all sound like good things to me.
> 	Jon

More information about the cryptography mailing list