[149174] in cryptography@c2.net mail archive
Re: [Cryptography] Auditing rngs
daemon@ATHENA.MIT.EDU (Krisztián Pintér)
Tue Jan 21 15:23:09 2014
X-Original-To: cryptography@metzdowd.com
Date: Tue, 21 Jan 2014 20:15:01 +0100
From: Krisztián Pintér <pinterkr@gmail.com>
To: John Kelsey <crypto.jmk@gmail.com>
In-Reply-To: <936A06C8-2200-42FC-97B8-41FA4C01261D@gmail.com>
Cc: Philip Shaw <wahspilihp@gmail.com>, Tom Mitchell <mitch@niftyegg.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
Bill Frantz <frantz@pwpconsult.com>, Kent Borg <kentborg@borg.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
John Kelsey (at Tuesday, January 21, 2014, 6:55:44 PM):
> However, it requires building a "leak the entropy input
> of my drbg" functionality into your HSM, which has some pretty
> obvious bad potential uses.
i think this reasoning is incorrect. it is security through obscurity.
we don't want the errors in our entropy source to be secret. we want
no errors there. in fact, we want direct access to the rawest output
of the TRNG, as well as complete information on how it works including
schematics, statistics, exact location on chip and all. we need full
disclosure.
isn't it the same situation as open source vs closed source? according
to the "secrecy is another layer of defense" argument, open source
should be less secure. the exact opposite is happening.
and i haven't even talked about the trust. post snowden, post RSA
debacle, post dual_ec, we want openness and honesty above all.
ask intel how happy they are with the acceptance of rdrand. i would
bet they are not so happy.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
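The exchange above turns on whether an auditor needs the raw noise-source output or can make do with what comes out after the DRBG. The following is an added example, not code from either poster or from any HSM vendor: it implements the two continuous health tests from NIST SP 800-90B (the Repetition Count Test and the Adaptive Proportion Test, with cutoffs derived from the formulas in that document for a 1-bit source, H = 1 bit/sample, window 1024, alpha = 2^-30) and runs them over two constructed noise sources, one healthy and one that sticks at zero for 512 samples. The stuck source is caught on its raw output, but once the same bits are conditioned through SHA-256 both tests pass, which is the point of wanting the "rawest output" rather than post-conditioning data. The noise sources, the SHA-256 conditioner and the `audit` helper are assumptions of this example.

```python
"""SP 800-90B continuous health tests run over raw vs. conditioned noise output.
Added example with constructed noise sources; not code from the mailing list."""
import hashlib
import math
import random


def repetition_count_cutoff(h_min, alpha=2 ** -30):
    """RCT cutoff C = 1 + ceil(-log2(alpha) / H) (SP 800-90B, section 4.4.1)."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)


def repetition_count_test(samples, cutoff):
    """Index at which some value has repeated `cutoff` times in a row, else None."""
    run, prev = 0, None
    for i, s in enumerate(samples):
        if s == prev:
            run += 1
            if run >= cutoff:
                return i
        else:
            prev, run = s, 1
    return None


def adaptive_proportion_cutoff(window, h_min, alpha=2 ** -30):
    """Smallest C with P(Binomial(window, 2^-H) >= C) <= alpha (SP 800-90B, 4.4.2)."""
    p = 2.0 ** -h_min

    def log_pmf(k):  # log of the binomial probability mass, computed in log space
        return (math.lgamma(window + 1) - math.lgamma(k + 1) - math.lgamma(window - k + 1)
                + k * math.log(p) + (window - k) * math.log1p(-p))

    tail = 0.0
    for c in range(window, -1, -1):  # accumulate the upper tail downward
        tail += math.exp(log_pmf(c))
        if tail > alpha:
            return c + 1  # P(X >= c) already exceeds alpha, so c + 1 is the cutoff
    return 0


def adaptive_proportion_test(samples, window, cutoff):
    """Start of the first window whose first sample recurs >= cutoff times, else None."""
    for start in range(0, len(samples) - window + 1, window):
        chunk = samples[start:start + window]
        if chunk.count(chunk[0]) >= cutoff:
            return start
    return None


def make_noise_source(n, stuck_from=None, stuck_len=0, seed=1234):
    """Constructed 1-bit noise source (seeded PRNG); optionally stuck at 0 for stuck_len samples."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1) for _ in range(n)]
    if stuck_from is not None:
        for i in range(stuck_from, min(n, stuck_from + stuck_len)):
            bits[i] = 0
    return bits


def condition_sha256(bits):
    """Assumed conditioner: hash each 256-bit block of raw bits with SHA-256, emit the output bits."""
    out = []
    for start in range(0, len(bits) - 255, 256):
        block = bytes(int("".join(map(str, bits[start + j:start + j + 8])), 2)
                      for j in range(0, 256, 8))
        for byte in hashlib.sha256(block).digest():
            out.extend((byte >> k) & 1 for k in range(7, -1, -1))
    return out


def audit(samples, h_min=1.0, window=1024):
    """Run both health tests; a value of None means the test passed."""
    return {
        "rct_fail_at": repetition_count_test(samples, repetition_count_cutoff(h_min)),
        "apt_fail_at": adaptive_proportion_test(
            samples, window, adaptive_proportion_cutoff(window, h_min)),
    }


if __name__ == "__main__":
    good = make_noise_source(2048)
    stuck = make_noise_source(2048, stuck_from=1024, stuck_len=512)
    for name, src in (("good raw", good), ("stuck raw", stuck),
                      ("stuck conditioned", condition_sha256(stuck))):
        print(name, audit(src))
```

The conditioned output of the stuck source passes both tests because SHA-256 output looks uniform regardless of how degenerate its input was; only the raw samples expose the failure, which is why an audit interface that stops at the DRBG boundary cannot answer the question Pintér is asking.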