[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say
Stephan Mueller
smueller at chronox.de
Sun Dec 22 17:16:45 EST 2013
On Friday, 20 December 2013, 15:46:32, Arnold Reinhold wrote:
Hi Arnold,
>
> As others have said, a billion chip CPU is impossible to audit. Adding what
> I proposed, a key stretcher in the initialization chain of an OS RNG like
> Yarrow or /dev/random, is very simple to do and need only add a few seconds
> to first boot up. The best solution however is still an auditable source
> of randomness independent of the CPU.
Entropy can only exist if the process that shall produce it is
non-deterministic for the observer. That means that if you can audit the source of
randomness to fully understand the full nature of the noise source, the noise
source, by definition, does not produce entropy for you.
Also, considering that entropy is relative for every observer, all an entropy
source can deliver is that any attacker is as unable to understand the true
entropy source as you are.
Therefore, any audit can only have the goal to demonstrate that still nobody
has full control or knowledge over the basic noise source.
That said, I am still working on testing the CPU execution timing variations with
my bare metal tester to develop some understanding why the variations occur.
My current hunch, which is not yet conclusive, points to the timing variations
of the CPU clock and the memory (including L2/L3) clock cycles, which require
the CPU to introduce wait states to fetch/store data from/to memory.
Ciao
Stephan
--
| Cui bono? |
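The point made above, that entropy is relative to the observer and that an audit can at best show nobody has a full model of the noise source, can be made concrete with a small script. The following is an added example and not code from the mail or from Stephan Mueller's bare metal tester: it scores the same samples with a naive frequency-count estimator (what a black-box auditor sees) and with an "informed" estimator that uses a model of the source. The counter source, the timing source (low bits of consecutive high-resolution clock deltas, merely mimicking the execution-timing measurement discussed) and the function names are all constructed for illustration; nothing here certifies a noise source.

```python
"""Added example: entropy estimates depend on what the observer knows."""
from collections import Counter
import math
import time


def min_entropy(samples):
    """Frequency-based min-entropy estimate, in bits per sample."""
    n = len(samples)
    p_max = max(Counter(samples).values()) / n
    return -math.log2(p_max)


def shannon_entropy(samples):
    """Frequency-based Shannon entropy estimate, in bits per sample."""
    n = len(samples)
    return -sum((c / n) * math.log2(c / n) for c in Counter(samples).values())


def informed_min_entropy(samples, predict):
    """Min-entropy as seen by an observer who predicts sample i from sample i-1.

    The observer's residual uncertainty is the distribution of the prediction
    error (mod 256). If the model is exact, every error is 0 and the source
    carries 0 bits for that observer, whatever the naive estimate says.
    """
    errors = [(s - predict(prev)) & 0xFF for prev, s in zip(samples, samples[1:])]
    return min_entropy(errors)


def counter_source(n):
    """Constructed, fully deterministic source: a byte counter.

    Its frequency statistics are perfectly uniform, so naive estimators give
    it the maximal 8 bits per sample.
    """
    return [i & 0xFF for i in range(n)]


def timing_source(n, bits=8):
    """Low bits of deltas between consecutive perf_counter_ns() reads.

    Constructed for comparison only; it is NOT a vetted noise source and the
    mail's open question (why the variations occur) is exactly what a
    frequency count cannot answer.
    """
    out = []
    prev = time.perf_counter_ns()
    for _ in range(n):
        now = time.perf_counter_ns()
        out.append((now - prev) & ((1 << bits) - 1))
        prev = now
    return out


def score(samples, predict=None):
    """Return (naive_min_entropy, informed_min_entropy or None if no model)."""
    naive = min_entropy(samples)
    informed = informed_min_entropy(samples, predict) if predict else None
    return naive, informed


if __name__ == "__main__":
    n = 65536
    ctr = counter_source(n)
    naive, informed = score(ctr, lambda prev: (prev + 1) & 0xFF)
    # Same samples: 8.00 bits for the uninformed auditor, 0.00 for the modelled observer.
    print("counter  naive=%.2f informed=%.2f" % (naive, informed))
    tim = timing_source(n)
    print("timing   naive=%.2f shannon=%.2f (no model, so no informed score)"
          % (min_entropy(tim), shannon_entropy(tim)))
```

The counter scores a full 8 bits per sample under both naive estimators yet 0 bits for anyone who knows it is a counter, which is the mail's argument in numbers: a statistical audit can show that the auditor has no model of the source, not that no attacker has one.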