[cryptography] Which encryption chips are compromised?

coderman coderman at gmail.com
Wed Dec 11 22:01:31 EST 2013


On Wed, Dec 11, 2013 at 6:28 PM, Steve Weis <steveweis at gmail.com> wrote:
> ...
> Ivy Bridge processors are general purpose x86 CPUs. It doesn't make sense to
> me to refer to it as an "encryption chip" for "web encryption devices".

"used in Virtual Private Network" == PPTP,IPsec,OpenVPN,etc.

"Web encryption devices" == in my interpretation, this is any targeted
hardware with the vulnerable chip.  it could be a tablet, a desktop,
and rack mount server...  any of these platforms could speak VPN or
Web crypto.  TAO/SCS do like to get into the switches though ;)


> Do
> you know of products using IVB processors for SSL offloading or in VPN
> appliances?

mostly "cloud infrastructure", "software defined data center", and the like:
http://www.routeranalysis.com/the-vyatta-cloud-router-story/
http://www.routeranalysis.com/etsi-network-function-virtualization-working-group/



> To me, the redacted document sounds like it's referring to a security
> processor used for SSL offloading. For example, something like a Cavium
> Nitrox (which I'm not implying is the subject of the document).

back in the day, Sun got tired of the (relatively) slow performance
and latency of crypto offloading via bus and simply threw it into the
core.  you were still offloading crypto, but within the CPU.

also note that endpoint compromises sufficient to decrypt VPN or
secure web traffic is already present in TAO/CNE's tasking.  this
effort [CCP_00009] may focus on VPN concentrator / secure web proxy
deployments specifically to handle the RDRAND lookup per their private
starting counter.

previous back doors have also used entropy leakage sufficient to bring
a brute force attack into reasonable effort, while still denying third
parties a class break of the entropy / keys used.  this type of key
space search is not done on the ground with portable CNE but instead
back at SCS...


on a related tangent, the lack of additional disclosures is quite
frustrating.  this entire conversation would be resolved in a glance
if $the_snowden_gatekeepers were acting in the public interest.  :/

best regards,


More information about the cryptography mailing list