[cryptography] on using RDRAND [was: Entropy improvement: haveged + rngd together?]
smueller at chronox.de
Tue Dec 3 02:02:12 EST 2013
On Monday, 2 December 2013, 23:16:28, dj at deadhat.com wrote:
> > the work that you have done to make hardware entropy sources readily
> > available in Intel chips should be commended, and i certainly
> > appreciate it. i will however continue to complain until it is even
> > better, with configurable access to the raw entropy samples for those
> > who wish to evaluate or run the TRNG in this mode.
> I'm currently arguing with NIST about their specifications which make it
> hard to provide raw entropy while being FIPS 140-2 and NIST SP800-90
Interesting: I have the same type of discussion (SP800-90B) to prepare (and
even went through it -- see ) and I do not see it that problematic, if you
have the right hooks into your noise source implementation (and I could
imagine that this is a challenge with the current RDSEED/RDRAND
> compliant. If I had a free hand, it would not be a configuration.
> Configurations suck in numerous ways. It would just be there.
This is not acceptable for many. When you are involved in the Intel RNG
development, you may have insights. But I do not. And I trust that some
three-letter agencies are able to fumble with a large US vendor's implementation
of a noise source (considering that they could hide their backdoored DRBG in
plain sight for quite some time).
> Chip design is a slow process. Standards writing is a slow process,
> especially when NIST is involved. When one depends on the other it is even
> slower. So don't hold your breath waiting for anything to happen.
> Feel free to lean on NIST. I notice that they haven't even published the
> public comments yet. The comment period for SP800-90 ended over three
> weeks ago.
Maybe they got quite a few (including from me)?
> The AES and SHA-3 competitions were not like this, even though RNGs are
> less glitzy, they are a more fundamental security feature but they're
> getting less attention from NIST.
I spoke with several NIST folks involved in the RNG process in September. And
they are not ignorant. Therefore, I would not suggest that we imply anything
Cui bono?