[cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

Patrick Mylund Nielsen cryptography at patrickmylund.com
Sat Jul 13 01:43:49 EDT 2013


On Sat, Jul 13, 2013 at 1:38 AM, William Yager <will.yager at gmail.com> wrote:

>  not trusting your hardware is a great place to start.
>
>
Heh, might as well just give up. http://cm.bell-labs.com/who/ken/trust.html

(I know what you meant, just couldn't resist.)


>
> On Fri, Jul 12, 2013 at 7:20 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>wrote:
>
>> Nico Williams <nico at cryptonector.com> writes:
>>
>> >I'd like to understand what attacks NSA and friends could mount, with
>> Intel's
>> >witting or unwitting cooperation, particularly what attacks that
>> *wouldn't*
>> >put civilian (and military!) infrastructure at risk should details of a
>> >backdoor leak to the public, or *worse*, be stolen by an antagonist.
>>
>> Right.  How exactly would you backdoor an RNG so (a) it could be
>> effectively
>> used by the NSA when they needed it (e.g. to recover Tor keys), (b) not
>> affect
>> the security of massive amounts of infrastructure, and (c) be so totally
>> undetectable that there'd be no risk of it causing a s**tstorm that makes
>> the
>> $0.5B FDIV bug seem like small change (not to mention the legal issues,
>> since
>> this one would have been inserted deliberately, so we're probably talking
>> bet-
>> the-company amounts of liability there).
>>
>> >I'm *not* saying that my wishing is an argument for trusting Intel's RNG
>> --
>> >I'm sincerely trying to understand what attacks could conceivably be
>> mounted
>> >through a suitably modified RDRAND with low systemic risk.
>>
>> Being careful is one thing, being needlessly paranoid is quite another.
>>  There
>> are vast numbers of issues that crypto/security software needs to worry
>> about
>> before getting down to "has Intel backdoored their RNG".
>>
>> Peter.
>> _______________________________________________
>> cryptography mailing list
>> cryptography at randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography
>>
>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130713/36f22c62/attachment.html>


More information about the cryptography mailing list