[cryptography] Intel RNG
pgut001 at cs.auckland.ac.nz
Mon Jun 18 23:28:53 EDT 2012
Tim Dierks <tim at dierks.org> writes:
>While this is all true, it's also why manufacturers who want persuasive
>analysis of their products hire consulting vendors with a brand and track
>record strong enough that the end consumer can plausibly believe that their
>reputational risk outweighs the manufacturer's desire for a good report.
>Cryptography Research is such a vendor.
There's also the law of diminishing returns for Intel. Most users of their
products are going to say "it's from Intel, it should be good enough". A
small number of users are going to say "it should be OK but I'd like a second
opinion just to be sure". A vanishingly small number are going to peek out
from under their tinfoil hats and claim that the Bavarian Illuminati "fixed"
the report and they still don't trust it, ignoring the fact that the app
they're using the RNG with has to run as admin under Windows, opens a bunch of
globally-accessible network ports, and has eight different buffer overflows in
The point at which it makes sense to stop is between the second and third
More information about the cryptography