Linux-based wireless mesh suite adds crypto engine support

Bill Stewart bill.stewart at pobox.com
Tue Sep 28 02:00:10 EDT 2004 

In the past, there have been two main problems with the Via crypto sets
- availability of convenient software
- sufficient documentation and really transparent provable details
         so that users could trust and verify that the hardware and software
         were doing what they claimed to be doing and
         weren't doing anything evil that they didn't admit to,
         such as including backdoors or bad random number generators.

For typical applications, this is probably fine,
though I haven't looked at Via's licenses to see if they can
easily be used with a GPL license or if they need LGPL+Weaselwords or worse.

The hard part is trust - Cryptography Research did a study last year
about the quality of the random number generator, and found that you
get about 0.75 bits of entropy per output bit, or 0.99 if you do
Von Neumann whitening, so it's fine for feeding your crypto-based whitener.

But their report indicates that they were mainly working from
design documentation and testing actual equipment,
so their tests doesn't show what the RNG does if you execute
         SET MSR UNDOCUMENTED_EVIL_WIRETAP_MODE
first, much less what happens to the AES keying info or IVs.

Disclaimer:  I'd be really surprised if UNDOCUMENTED_EVIL_WIRETAP_MODE exists -
the folks who built the crypto features in say good pro-privacy things,
and I'm inclined to trust them.  I'm much less sure about the
nonexistence of OBSCURE_BUGGY_RNG_CONDITION_MODE.
It's very hard to test for these things when you've got complete documentation,
even if Ken Thompson wasn't helping write your compilers.

                 Bill Stewart



At 05:21 AM 9/25/2004, R. A. Hettinga wrote:
><http://www.linuxdevices.com/news/NS1975038466.html> ...
>Sep. 24, 2004
>The first commercial software product to exploit the cryptographic
>acceleration engine in newer Via processors has hit the market, according
>to Via. LocustWorld's MeshAP-Pro is a commercial version of MeshAP, Linux
>software for self-organizing networks of wireless access points. MeshAP-Pro
>targets larger mesh network operators such as urban service providers.
>
>In addition to selling and supporting MeshAP-Pro software, LocustWorld also
>offers blackbox hardware platforms for wireless routers, such as the
>MeshBox, a Linux-based mini-ITX system based on Via mini-ITX boards.
>
>LocustWorld sells Linux-based blackboxes for wireless routers based on Via
>mini-ITX boards
>
>The processors in newer Via mini-ITX boards based on C5P Nehemiah cores
>include the PadLock Hardware Security Suite, which includes the PadLock RNG
>(random number generator) and the PadLock ACE (advanced cryptography
>engine). PadLock ACE performs low-level processing of the algorithms used
>in AES (advanced encryption standard), a kind of cryptography defined by US
>government standards.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list