[Cryptography] [cryptography] Random number generation influenced, HW RNG

Eugen Leitl eugen at leitl.org
Sun Sep 8 07:27:46 EDT 2013


----- Forwarded message from "James A. Donald" <jamesd at echeque.com> -----

Date: Sun, 08 Sep 2013 08:34:53 +1000
From: "James A. Donald" <jamesd at echeque.com>
To: cryptography at randombit.net
Subject: Re: [cryptography] Random number generation influenced, HW RNG
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
Reply-To: jamesd at echeque.com

On 2013-09-08 3:48 AM, David Johnston wrote:
> Claiming the NSA colluded with Intel to backdoor RdRand is also to
> accuse me personally of having colluded with the NSA in producing a
> subverted design. I did not.

Well, since you personally did this, would you care to explain the
very strange design decision to whiten the numbers on chip, and not
provide direct access to the raw unwhitened output?

A decision that, even assuming the utmost virtue on the part of the
designers, leaves open the possibility of malfunctions going
undetected.

That is a question a great many people have asked, and we have not
received any answers.

Access to the raw output would have made it possible to determine that
the random numbers were in fact generated by the physical process
described, since it is hard and would cost a lot of silicon to
simulate the various subtle off-white characteristics of a
well-described actual physical process.


_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
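
The concern in the forwarded message, that on-chip whitening can hide a malfunctioning source from anyone who sees only the conditioned output, shown as an added example (not code from the original post, and not Intel's design). The chained SHA-256 conditioner, the constructed degraded sources and the monobit check are assumptions chosen for illustration.

```python
import hashlib
import math
import random


def monobit_z(data: bytes) -> float:
    """Frequency (monobit) statistic |ones - n/2| / sqrt(n/4); roughly N(0,1) for ideal bits."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return abs(ones - n / 2) / math.sqrt(n / 4)


def degraded_source(nbytes: int, p_one: float, seed: int = 1) -> bytes:
    """Constructed stand-in for a malfunctioning source: each bit is 1 with probability p_one."""
    rng = random.Random(seed)  # fixed seed so the sample data is reproducible
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (rng.random() < p_one)
        out.append(byte)
    return bytes(out)


def whiten(raw: bytes, block: int = 32) -> bytes:
    """Hypothetical conditioner (assumption): chained SHA-256 over 32-byte raw blocks."""
    state = b"\x00" * 32
    out = bytearray()
    for i in range(0, len(raw), block):
        state = hashlib.sha256(state + raw[i:i + block]).digest()
        out += state
    return bytes(out)


def health_report(raw: bytes) -> dict:
    """Run the same health check on the raw samples and on the whitened output."""
    return {"raw_z": monobit_z(raw), "whitened_z": monobit_z(whiten(raw))}


if __name__ == "__main__":
    cases = [("biased, 90% ones", degraded_source(4096, 0.9)),
             ("stuck at 1", b"\xff" * 4096)]
    for name, raw in cases:
        r = health_report(raw)
        print(f"{name}: raw z={r['raw_z']:.1f}  whitened z={r['whitened_z']:.2f}")
```

The health check flags both failures immediately when run on the raw samples, while the whitened stream from the same broken source is statistically unremarkable, so a consumer limited to conditioned output cannot tell the source has failed.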

