[146881] in cryptography@c2.net mail archive
Re: [Cryptography] Techniques for malevolent crypto hardware
daemon@ATHENA.MIT.EDU (Kent Borg)
Sun Sep 8 23:58:16 2013
X-Original-To: cryptography@metzdowd.com
Date: Sun, 08 Sep 2013 22:06:31 -0400
From: Kent Borg <kentborg@borg.org>
To: cryptography@metzdowd.com
In-Reply-To: <20130908211541.557a7c5a@jabberwock.cb.piermont.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 09/08/2013 09:15 PM, Perry E. Metzger wrote:
> Perhaps you don't see the big worry, but real world experience says it
> is something everyone else should worry about anyway.
I overstated it.
Good random numbers are crucial, and like any cryptography, exact
details matter. Programmers are constantly making embarrassing
mistakes. (The recent Android RNG bug: was that Sun, Oracle, or Google?)
But there is no special reason to worry about corrupted HW RNGs, because
one should not be using them as-is; there are better ways to get good
random data, ways not obvious to a naive civilian but still well known.
Snowden reassured us when he said that good cryptography is still good
cryptography. If that includes both hashes and ciphers, then the
fundamental components of sensible hybrid RNGs are sound.
Much more worrisome is whether Manchurian Circuits have been added to
any hardware, no matter its admitted purpose, just waiting to be activated.
-kb
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
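The "hybrid RNG" the message refers to, as an added illustration that is not part of the list archive or of Kent Borg's post: several independent entropy sources are hashed together into one seed, and the seed is expanded with an HMAC counter construction. The construction here is a simplified HMAC_DRBG-style expander written for this example, not the NIST one, and the entropy sources are constructed constants standing in for a hardware RNG and a jitter sampler so the run is reproducible. The point it shows is that a fully attacker-controlled hardware RNG (here, one that emits all zeros) cannot make the output predictable as long as at least one other mixed-in source is unknown to the attacker.

```python
import hashlib
import hmac
from typing import Callable, Dict

Source = Callable[[], bytes]


class HybridRNG:
    """Hash-mix several independent entropy sources, then expand with HMAC.

    Example construction (simplified HMAC_DRBG-like, not the NIST design).
    A single corrupted source cannot cancel the others out: to predict the
    seed the attacker must also predict every other input to the hash.
    """

    def __init__(self, sources: Dict[str, Source], label: bytes = b"hybrid-rng-example"):
        if len(sources) < 2:
            raise ValueError("mix at least two independent sources")
        self.sources = sources
        self.label = label
        self.key = b""
        self.counter = 0
        self.reseed()

    def reseed(self) -> None:
        h = hashlib.sha256(self.label)
        for name, pull in sorted(self.sources.items()):
            data = pull()
            # Length-prefix the name and the data so no source can shift its
            # bytes into a neighbour's field and collide two different inputs.
            for field in (name.encode(), data):
                h.update(len(field).to_bytes(4, "big"))
                h.update(field)
        # Chain the previous key so a reseed never discards entropy already gathered.
        if self.key:
            h.update(self.key)
        self.key = h.digest()
        self.counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            self.counter += 1
            out += hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
        # Ratchet the key so a later compromise of the state does not reveal earlier output.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return bytes(out[:n])


def constant_source(value: bytes) -> Source:
    return lambda: value


# Constructed stand-ins for this example. In practice the sources would be e.g.
# the raw HW RNG output, os.urandom, and a timing-jitter sampler.
POISONED_HW = constant_source(b"\x00" * 32)      # backdoored HW RNG: attacker knows every byte
HONEST_HW = constant_source(bytes(range(32)))    # placeholder for a healthy HW RNG
SECRET_A = constant_source(b"boot-jitter-sample-A")
SECRET_B = constant_source(b"boot-jitter-sample-B")


def output_for(hw: Source, other: Source, n: int = 32) -> bytes:
    return HybridRNG({"hwrng": hw, "jitter": other}).random_bytes(n)


def poisoned_source_is_harmless() -> bool:
    # The attacker controls hwrng completely, yet the output still depends on
    # the second source: two different secret inputs give unrelated outputs,
    # so knowing the HW RNG bytes alone predicts neither of them.
    a = output_for(POISONED_HW, SECRET_A)
    b = output_for(POISONED_HW, SECRET_B)
    return a != b and len(a) == 32


def deterministic_given_all_inputs() -> bool:
    # Same inputs, same output: the mixer is a function, so the only secret is the inputs.
    return output_for(HONEST_HW, SECRET_A) == output_for(HONEST_HW, SECRET_A)


def ratchet_changes_output() -> bool:
    rng = HybridRNG({"hwrng": HONEST_HW, "jitter": SECRET_A})
    return rng.random_bytes(16) != rng.random_bytes(16)


if __name__ == "__main__":
    print("poisoned HW RNG harmless:", poisoned_source_is_harmless())
    print("deterministic:", deterministic_given_all_inputs())
    print("ratchet works:", ratchet_changes_output())
```

The order of operations matters for the argument: the HW RNG is treated as one untrusted input among several and never as the output. An attacker who can choose every byte the hardware emits still faces a SHA-256 preimage over the other sources, which is the "good cryptography is still good cryptography" assumption the message leans on.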