[cryptography] Design Strategies for Defending against Backdoors

coderman coderman at gmail.com
Mon Nov 18 03:47:21 EST 2013

On Sun, Nov 17, 2013 at 11:27 PM, ianG <iang at iang.org> wrote:
> In the cryptogram sent over the weekend, Bruce Schneier talks about how to
> design protocols to stop backdoors.  Comments?
>     All random number generators should conform to published and accepted
> standards. Breaking the random number generator is the easiest
> difficult-to-detect method of subverting an encryption system. A corollary:
> we need better published and accepted RNG standards.

Intel still has not released raw access to their entropy sources; RDRAND
and RDSEED both pass through the conditioner (AES-CBC-MAC), and RDRAND is
also munged via the AES CTR_DRBG (per NIST).

Anything less than raw access to the entropy source samples inspires
no confidence...
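An added illustration of the point above (this is not code from the post,
from Intel, or from NIST; it is constructed for this page): a deliberately
biased bit source stands in for a degraded or subverted hardware entropy
source, and SHA-256 over 64-byte blocks stands in for the AES-CBC-MAC
conditioner, which is not reimplemented here. The same two health checks,
the SP 800-22 monobit test and a most-common-value min-entropy estimate,
are run on the raw samples and on the conditioned output. The raw samples
fail badly; the conditioned output looks fine. That is exactly why only
raw sample access lets you judge the source.

```python
"""Conditioned RNG output says nothing about the entropy source behind it.

Constructed example: a biased bit source (standing in for a degraded or
subverted hardware source) is run through a one-way conditioner. SHA-256
is used as a stand-in for Intel's AES-CBC-MAC conditioner. Health tests on
the raw samples detect the defect; the same tests on the conditioned output
do not.
"""
import hashlib
import math
import random

ALPHA = 0.01  # NIST SP 800-22 decision threshold for the monobit test


def biased_source(nbytes: int, p_one: float, seed: int = 2013) -> bytes:
    """Constructed entropy source: each bit is 1 with probability p_one.

    A healthy source has p_one == 0.5. Deterministically seeded so the
    example is reproducible; this is NOT a real hardware source.
    """
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        out.append(byte)
    return bytes(out)


def condition(raw: bytes, block: int = 64) -> bytes:
    """Stand-in conditioner: hash each 64-byte raw block down to 32 bytes.

    Any decent one-way conditioner (AES-CBC-MAC, SHA-256, ...) has the same
    effect on these tests: the output looks uniform whatever went in.
    Trailing bytes that do not fill a whole block are dropped.
    """
    usable = len(raw) - len(raw) % block
    return b"".join(
        hashlib.sha256(raw[i:i + block]).digest()
        for i in range(0, usable, block)
    )


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test; p < ALPHA means 'not random'."""
    n = len(data) * 8
    s = sum(2 * b - 1 for b in _bits(data))
    s_obs = abs(s) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def min_entropy_per_bit(data: bytes) -> float:
    """Most-common-value min-entropy estimate over bits (cf. SP 800-90B)."""
    n = len(data) * 8
    ones = sum(_bits(data))
    p_max = max(ones, n - ones) / n
    return -math.log2(p_max)


def health_report(raw: bytes) -> dict:
    """Run the same health tests on raw samples and on conditioned output."""
    report = {}
    for name, data in (("raw", raw), ("conditioned", condition(raw))):
        p = monobit_p_value(data)
        report[name] = {
            "monobit_p": p,
            "monobit_pass": p >= ALPHA,
            "min_entropy_per_bit": min_entropy_per_bit(data),
        }
    return report


if __name__ == "__main__":
    # 8192 raw bytes from a source that emits 1s 90% of the time.
    raw = biased_source(8192, p_one=0.9)
    for name, r in health_report(raw).items():
        print(f"{name:12s} monobit p={r['monobit_p']:.3g} "
              f"pass={r['monobit_pass']} "
              f"min-entropy/bit={r['min_entropy_per_bit']:.3f}")
```

With the 90%-biased source the raw samples come out with roughly 0.15 bits
of min-entropy per bit and a monobit p-value of effectively zero, while the
conditioned output estimates at close to 1 bit per bit. The conditioner is
doing its job; it is just not a thing you can audit from the outside.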

