[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say

Theodore Ts'o tytso at mit.edu
Tue Dec 17 20:47:21 EST 2013


On Tue, Dec 17, 2013 at 10:52:41AM +0300, ianG wrote:
> What I am assuming is that Linux devs are a trusting bunch, and
> don't believe that this could be done.  As Nemo posted earlier:
> 
> http://blog.lvh.io/blog/2013/10/19/thoughts-on-rdrand-in-linux/
> 
> http://pastebin.com/A07q3nL3
> 
> Lays out the story better than I can.  They didn't believe it could
> be done.  And they've created the incentive to try.  Bad Linux!

The problem is that I've actually taken a graduate class in CPU
architecture and design at MIT, so I understand the difference between
a gimmicked RDRAND functional unit, and something which requires
making changes to the instruction decode logic, the register renaming
logic, and all of the other bits of complexity that make a modern CPU
go really, really fast by doing out-of-order instruction execution.

Yes --- it could be done.  But it would require having at least an
order of magnitude or two more people inside Intel that would have to
know about it.  It's not something you could just hide away inside the
RDRAND unit, which among other things, is documented as having AES as
its final "whitening" step.  So if you can control what key it uses
and what input it's fed, it's much easier to gimmick RDRAND in a way
where it would be very hard for someone to notice without doing
extensive electron microscope and circuit analysis.

However, if you are going to posit that the CPU is so badly subverted
that the instruction decode and execution units can analyze the
machine instructions to figure out which register is being used as the
pointer to the entropy pool or being used for the output, then you
could just as easily imagine the CPU going into System Management Mode
to scan for AES keys and then ship them off the system using the
network card, either by modulating the timing of packets or by
sneaking bits into unexamined portions of the network packets.

Hacking SMM would be much easier, and allow a much larger and wider
range of attacks.  Or you could hack the keyboard controller to
capture packets: https://www.usenix.org/legacy/event/sec06/tech/shah/shah.pdf

Ultimately, if you need to live at that level of paranoia, you'll need
to build your own CPU out of TTL logic chips --- something which I
learned how to do when I was a freshman at MIT.  It won't be a
terribly fast computer, though....

						- Ted
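The thread above turns on how hardware random output such as RDRAND is folded into the kernel's entropy pool rather than used directly. The following is an added illustration, not code from Ted's mail, from Linux, or from the linked blog: a toy pool that mixes every input source through SHA-256 (a stand-in for the kernel's own mixing function), so that one fully attacker-controlled source cannot drive the output on its own. The `untrusted_hw_rng` and `run_pool` names and the 32-byte pool size are assumptions of this model.

```python
import hashlib
import secrets

POOL_BYTES = 32  # constructed pool size for this toy model


def mix_into_pool(pool: bytes, *sources: bytes) -> bytes:
    """Fold one or more entropy inputs into the pool.

    Every source is length-prefixed and hashed together with the current
    pool state.  A source the attacker controls (even one returning a
    fixed pattern) cannot cancel the contribution of the others without
    finding a SHA-256 collision, which is the property the design rests on.
    """
    h = hashlib.sha256()
    h.update(pool)
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))  # unambiguous framing
        h.update(s)
    return h.digest()


def extract(pool: bytes, label: bytes) -> tuple[bytes, bytes]:
    """Derive output bytes and a new pool state from the current pool.

    Output and next state use distinct domain-separation prefixes so that
    handing out random bytes never reveals the state needed to predict
    the following ones.
    """
    out = hashlib.sha256(b"out:" + label + pool).digest()
    new_pool = hashlib.sha256(b"next:" + pool).digest()
    return out, new_pool


def untrusted_hw_rng(n: int) -> bytes:
    # Constructed stand-in for a hardware RNG the attacker fully controls:
    # the worst case is a fixed, predictable pattern.
    return b"\x00" * n


def run_pool(hw_samples: list[bytes], other_samples: list[bytes]) -> bytes:
    """Mix paired hardware and non-hardware samples, then extract once."""
    pool = bytes(POOL_BYTES)
    for hw, other in zip(hw_samples, other_samples):
        pool = mix_into_pool(pool, hw, other)
    out, _ = extract(pool, b"demo")
    return out


if __name__ == "__main__":
    hw = [untrusted_hw_rng(32) for _ in range(4)]
    # Only the attacker-controlled source feeds the pool: fully predictable.
    print("hw only  :", run_pool(hw, [bytes(32)] * 4).hex())
    # Add independent OS-gathered samples: output is no longer predictable
    # from the hardware input alone.
    other = [secrets.token_bytes(32) for _ in range(4)]
    print("mixed    :", run_pool(hw, other).hex())
```

The point the model makes concrete is the one the thread argues about: a gimmicked RDRAND that is only one input among several gains the attacker nothing unless the other inputs are also weak, whereas using its output directly would hand over the whole state.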

