[cryptography] Intel RNG

coderman coderman at gmail.com
Tue Jun 19 15:11:27 EDT 2012


On Tue, Jun 19, 2012 at 6:17 AM, Thor Lancelot Simon <tls at panix.com> wrote:
> ...
> Sanity checks, entropy estimates, and other vetting *which the output
> of a DRBG keyed in a known way by your adversary will pass without
> a hint of trouble*.

absolutely; after it has gone through DRBG you have zero visibility
into state of generation. even von neumann whitening and string
filters obscure to some extent.


> It seems to me the only reason you'd benefit from access to the raw
> source would be if you believed Intel might have goofed the sanity
> checks.  For my part, I am happy to rely on CRI's assurance that Intel's
> sanity checks are good.

the sanity checks, being on die, are limited. you can't run DIEHARD
against this in a useful manner because the DRBG obscures anything
useful.

i'll concede the point that you'd only want raw bits to validate CRI
and Intel assurances, and they've done due diligence.

this is something i like to verify myself; no fault with the Intel
design or CRI analysis implied.



More information about the cryptography mailing list