[cryptography] Intel RNG

James A. Donald jamesd at echeque.com
Tue Jun 19 20:13:22 EDT 2012

On 2012-06-19 4:51 AM, Matthew Green wrote:
 > 1. Private evaluation report (budgeted to, say, 200 hours)
 > probabilistically identifies N serious vulnerabilities. We
 > all know that another 200 hours could turn up N more. In
 > fact, the code may be riddled with errors. Original N
 > vulnerabilities are patched. What should the public report
 > say? Technically the vulnerabilities are all 'fixed'.

If the public report says what it should say, lots of people will be 

So, what happens if the public report sounds like it is saying that the 
product is fine, but in fact the product is crap, and disaster ensues?

Answer:  Absolutely nothing.  Example: Wifi security, which somehow 
always uses fine methods in "unusual" ways.  The same people who brought 
you yesterday's failed Wifi security bring you today's.

To summarize:  Our mechanisms for social verification of truth are 
broken, and are getting more broken.  Social verification tends to scale 
badly.  They have never worked well, and are now working worse than ever.

Nullius in verba:  Take nobody's word for it

This is the general problem with audits of all kinds, not just security 
audits.  It is often not only impossible to punish the irresponsible, 
but even to identify them.

Thus security source code simply has to be available, and it has to be 
verifiable that security hardware is what it claims to be - which is why 
Intel should have made it possible to read the raw unwhitened output of 
its true randomness generator.

And now I am once again going somewhat off topic on how our social 
verification mechanisms are completely broken - indeed it is very hard 
to make social verification work.

For example, the Challenger inquiry found that some people had signed off 
both on reports that the space shuttle was going to explode, and also on 
reports that it was good to go.  But the culture was blamed, not any 
specific identifiable people.

For example, try identifying who made, and who received, the dud loans 
that are at the root of the current financial crisis, and who commanded 
them to be made.  It is mysteriously difficult to do so.

For example, the crisis at MF Global is everywhere described as a 
"liquidity" crisis.  It was in fact a solvency crisis.  Jon Corzine 
pissed away MF Global's assets on politically correct financial 
investments, and then kept the place operating for some time in a state 
of insolvency by borrowing from customer funds, but everyone continues 
to pretend that MF Global was solvent until it was not, because 
according to Sarbanes-Oxley accounting standards, it was solvent until 
it was not, presaging an outcome in which no one gets punished.

For example, JPM realized it was receiving stolen funds from MF Global. 
There is a large audit trail of incriminating documents as the people at 
JPM wrestle with their consciences.  After generating a large pile of 
highly incriminating paper, they win and their consciences lose.  This 
will probably result in a civil lawsuit against JPM, for acting as a 
fence, but no criminal penalties, nor personal loss of jobs.  Even 
though the trail of documents reveals that an ever increasing number of 
people connected to MF Global knew that MF Global was acting in a 
criminal manner, making them accessories after the fact, it still looks 
as though few, possibly no one, is going to see jail time.

And of course, there are the Climategate files, but to go into any 
details on that can of worms would really take us right off topic. 
Since the widespread introduction of peer review in the 1940s, instead 
of the experimenter telling the scientific community what he observes, 
the scientific community tells the experimenter what he observes.  The 
data cookery revealed by Climategate files is, arguably, business as 
usual.  The defense was "everyone is doing it, that is the way Official 
Science is actually done", which defense is, alas, entirely true.  Peer 
Review was the abandonment of the principle of Nullius in Verba. 
Instead of taking no one's word for it, we take the word of a secretive 
and anonymous panel of referees, resulting in an ever escalating pile of 
bogus science.

To make social verification work, people have to be punished for being 
untruthful, dishonest, and failing in their duty, or at least abruptly 
and irrevocably thrown out of the social verification network for the 
slightest infraction.  Which is not nice.
