[cryptography] Which encryption chips are compromised?

coderman coderman at gmail.com
Thu Dec 12 12:18:09 EST 2013


On Thu, Dec 12, 2013 at 8:42 AM, coderman <coderman at gmail.com> wrote:
>> IVB already shipped in 2012...
> only server Ivy Bridge: Xeon E3 in mid-2012.

this does bring up an interesting point:

while it may be more efficient to use the same "key" for the DRBG
output across all processor lines, it would be more secure to use a
different key per line.  this implies that each iteration of Sandy
Bridge -> Ivy Bridge -> Haswell needs to be "enabled" by CCP, with
Xeon E5 debut in 2013 as discussed.

for Sandy Bridge, this would have shown in 2010? and unless in network
equipment described simply as "enabling decryption for Sandy Bridge
used by $operating systems and $applications."

sadly we'll have to wait a while to confirm this conjecture for
Haswell.  and we'll have to wait forever for more leaks apparently, as
the continuing decline of details demonstrates...


best regards,


More information about the cryptography mailing list