[147879] in cryptography@c2.net mail archive


Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.

daemon@ATHENA.MIT.EDU (David Mercer)
Tue Oct 29 12:27:37 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <526D995A.1000800@futureware.at>
Date: Mon, 28 Oct 2013 21:05:13 -0700
From: David Mercer <radix42@gmail.com>
To: Philipp Gühring <pg@futureware.at>
Cc: Alexandre Anzala-Yamajako <anzalaya@gmail.com>,
	Cryptography <cryptography@metzdowd.com>, John Denker <jsd@av8n.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sun, Oct 27, 2013 at 3:53 PM, Philipp Gühring <pg@futureware.at> wrote:

> Hmm, if someone is able to run secret opcodes, then we already have
> local code execution, right? And in this case there might be far more
> powerful secret opcodes that give ring 0, ring -1 , ... access, and we
> usually have to care about much larger problems than RNG attacks.
>

Uhm, yes, if I as an attacker have "ring -1" level access to your
machine/hypervisor/VM/whatever, you are so toast that I have already
succeeded, and am not going to give a hoot about attacks on your RNG.
I can grab all your keystrokes, private keys when used, unencrypted data,
etc.

I can't think of ANY threat model in which an attacker would continue
attacking an RNG if they have that. ANY. Disproof by counter-example from
history or the literature appreciated.

-David Mercer
