[cryptography] [liberationtech] Random number generation being influenced - rumors

coderman coderman at gmail.com
Mon Sep 9 01:05:33 EDT 2013

On Sun, Sep 8, 2013 at 9:26 PM, David Johnston <dj at deadhat.com> wrote:
> ...
> #1) Maintaining a strong security boundary.
> ...
> #2) FIPS compliance.
> ...
> #3) Robust engineering. [trust us entirely]
> ...
> #4) Software solutions have been a demonstrable failure. [trust us instead]

none of these are compelling reasons to not release raw access to the
entropy stream from hardware noise sources.*

clearly you have done your homework, and the design, _if trusted_, is
a good one. however, denying access to the raw sources prevents any
evaluation that the entropy sources are indeed operating as designed,
and prevents any mode of operation where independent entropy
estimates, mixing, and host/application pool seeding is possible.

and surely you, when considering the point of view of an attacker, can
recognize the immense value of modes (RDRAND, RDSEED) which provide
only the obfuscated output to callers of these instructions.

last but not least, you take these criticisms as personal attack. i
have not seen anyone attack you personally. in fact, you simply do not
have the clearance nor indoctrination to be trusted with such a
backdoor.  as per the leaked documents, early access to these designs
is used to develop backdoors, exploits, and other surreptitious access
available when the product is.

keeping you in the dark, and enjoying your passionate rebuttals to
claims of compromise, is more effective, isn't it?
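The message above argues that a host should be able to form its own entropy estimate of a hardware source and mix it with other sources before seeding a pool. The block below is an added example, not code from the original thread or from any vendor's RNG: it constructs sample streams inline, applies the most-common-value min-entropy estimator and repetition-count health test from NIST SP 800-90B to them, and combines several sources with a hash-based extractor so that one opaque source cannot determine the seed on its own. Function names (`mcv_min_entropy`, `repetition_cutoff`, `repetition_count_ok`, `mix_sources`, `demo`) and the sample data are this example's own.

```python
import hashlib
import hmac
import math
from collections import Counter


def mcv_min_entropy(samples: bytes) -> float:
    """Most-common-value estimate (SP 800-90B 6.3.1), bits per sample.
    p_max is the frequency of the most common value; p_u is its 99%
    upper confidence bound; the estimate is -log2(p_u)."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    p_max = Counter(samples).most_common(1)[0][1] / n
    p_u = min(1.0, p_max + 2.576 * math.sqrt(p_max * (1.0 - p_max) / (n - 1)))
    return -math.log2(p_u)


def repetition_cutoff(h_bits: float, alpha_log2: float = 20.0) -> int:
    """Cutoff for the repetition-count test: C = 1 + ceil(-log2(alpha) / H),
    with alpha = 2^-20 by default, as in SP 800-90B 4.4.1."""
    if h_bits <= 0:
        raise ValueError("source has no estimated entropy; reject it outright")
    return 1 + math.ceil(alpha_log2 / h_bits)


def repetition_count_ok(samples: bytes, cutoff: int) -> bool:
    """Continuous health test: fail if any value repeats `cutoff` times in a
    row, which a live source with the claimed entropy should almost never do."""
    run, prev = 0, None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False
    return True


def mix_sources(sources, out_len: int = 32) -> bytes:
    """Hash-based extractor over independent sources. Each input is
    length-prefixed so material cannot be shifted between sources, then the
    extracted key is expanded with HMAC-SHA256 in counter mode. Controlling
    one input does not let a party fix the output while another input
    remains unpredictable to them."""
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(8, "big"))
        h.update(src)
    prk = h.digest()
    out, counter = b"", 0
    while len(out) < out_len:
        out += hmac.new(prk, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:out_len]


def demo() -> dict:
    """Constructed inputs: a stalled source that only emits zero, and a
    source cycling evenly through all byte values (no real RNG is sampled)."""
    stalled = b"\x00" * 4096
    cycling = bytes(range(256)) * 16
    h_stalled = mcv_min_entropy(stalled)   # 0.0: one value dominates
    h_cycling = mcv_min_entropy(cycling)   # about 7.28 bits per byte
    cutoff = repetition_cutoff(h_cycling)  # 4 for this estimate
    # A host pool seed that still depends on the cycling source even if the
    # stalled one is worthless (or adversarially chosen).
    seed = mix_sources([stalled[:32], cycling[:32]])
    return {
        "h_stalled": h_stalled,
        "h_cycling": h_cycling,
        "cutoff": cutoff,
        "stalled_health_ok": repetition_count_ok(stalled, cutoff),
        "cycling_health_ok": repetition_count_ok(cycling, cutoff),
        "seed_hex": seed.hex(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The estimator is only as good as the samples it sees: it can be run on `RDSEED`-style conditioned output, but a flat, high-looking estimate on conditioned output says nothing about the raw noise behind it, which is exactly the evaluation gap the message describes. The mixing step is the part a host controls regardless: as long as the pool is seeded from more than one source and the combiner is a proper extractor, a single misbehaving or untrusted source cannot on its own decide the seed.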

