Linux-based wireless mesh suite adds crypto engine support
John Gilmore
gnu at toad.com
Thu Sep 30 18:25:57 EDT 2004
> >- sufficient documentation and really transparent provable details so that
> >users could trust and verify that the hardware and software were doing what
> >they claimed to be doing and weren't doing anything evil that they didn't
> >admit to, such as including backdoors or bad random number generators.
>
> Tinfoil hat stuff - why trust any crypto hardware then?
I don't -- do you?
Crypto hardware that does algorithms can be tested by periodically
comparing its results to a software implementation. Production
applications should probably be doing this -- maybe 1% of the time.
Crypto hardware that generates "random" numbers can't be tested in
production in many useful ways. My suggestion would be to XOR a
hardware-generated and a software-generated random number stream. If
one fails, whether by accident, malice, or design, the other will
still randomize the resulting stream. Belt AND suspenders will keep
your source of randomness from being your weakest link.
John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list