[cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

Nico Williams nico at cryptonector.com
Fri Jul 12 16:38:09 EDT 2013


[BTW, when responding to a message forwarded, do please fix the quote
attribution.]

On Fri, Jul 12, 2013 at 2:29 PM, ianG <iang at iang.org> wrote:
> This thread has been seen before.  On-chip RNGs are auditable but not
> verifiable by the general public.  So the audit can be done then bypassed.
> Which in essence means the on-chip RNGs are mostly suitable for mixing into
> the entropy pool.
>
> Not to mention, Intel have been in bed with the NSA for the longest time.
> Secret areas on the chip, pop instructions, microcode and all that ...  A
> more interesting question is whether the non-USA competitors are also
> similarly friendly.

I'd like to understand what attacks NSA and friends could mount, with
Intel's witting or unwitting cooperation, particularly what attacks
that *wouldn't* put civilian (and military!) infrastructure at risk
should details of a backdoor leak to the public, or *worse*, be stolen
by an antagonist.  I would hope that talented folks at the NSA would
be averse to embedding backdoors in hardware (and firmware, and
software) that they could lose control of, especially in light of
recent developments.  I'm *not* saying that my wishing is an argument
for trusting Intel's RNG -- I'm sincerely trying to understand what
attacks could conceivably be mounted through a suitably modified
RDRAND with low systemic risk.

For example, there might be a way to close a backdoor in a hurry,
should it leak.

Understanding the attacks that sigint agencies might mount in this
fashion might help us understand the likelihood of their attempting
them.

I think it's important to highlight the systemic risk caused by
embedding backdoors everywhere.  See "Security Implications of
Applying the Communications Assistance to Law Enforcement Act to Voice
over IP", by Bellovin, Blaze, et. al.  Systemic failures can be
extremely severe.  The 2008 financial crisis was a systemic failure,
and, sadly, I can imagine far worse systemic failures.  Minimizing
systemic risk should be a key policy goal in general, but management
of systemic risk is inherently not in the interests of any short-term
political actors, therefore it's important to ensure institutional
inertia for systemic risk minimization.  The NSA that once worked to
strengthen DES against differential cryptanalysis clearly thought so
(or, rather, the people who made that happen did) -- is today's NSA no
longer interested in the nation's civilian and military security?!

Nico
--


More information about the cryptography mailing list