[cryptography] Random number generation influenced, HW RNG
dj at deadhat.com
Sat Sep 7 13:48:02 EDT 2013
On 9/6/2013 2:03 PM, grarpamp wrote:
>>> Does anyone put any stock into the rumors floating lately that the
>>> government may have influenced Intel and/or AMD into altering
>> However, I claim that the fear is well founded and should be taken into
>> account by all threat models.
It is interesting to consider the possibilities of corruption and deception
that may exist in product design. It's a lot more alarming when it's
your own design that is being accused of having been backdoored.

Claiming the NSA colluded with Intel to backdoor RdRand is also to
accuse me personally of having colluded with the NSA in producing a
subverted design. I did not.

A quick googling revealed many such instances of statements to this
effect, strewn across the internet, based on inferences from the Snowden
leaks and resulting Guardian and NYT articles.

I personally know it not to be true and from my perspective, the effort
we went to improve computer security by making secure random numbers
available and ubiquitous in a low attack-surface model is now being
undermined by speculation that would lead people to use less available,
less secure RNGs. This I expect would serve the needs of the NSA well.