[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say

Stephan Mueller smueller at chronox.de
Sun Dec 22 17:16:45 EST 2013


On Friday, 20 December 2013, 15:46:32, Arnold Reinhold wrote:

Hi Arnold,

> 
> As others have said, a billion chip CPU is impossible to audit. Adding what
> I proposed, a key stretcher in the initialization chain of an OS RNG like
> Yarrow or /dev/random, is very simple to do and need only add a few seconds
> to first boot up.  The best solution however is still an auditable source
> of randomness independent of the CPU.

Entropy can only exist if the process that shall produce it is
non-deterministic for the observer. That means that if you can audit the source of
randomness to fully understand the full nature of the noise source, the noise
source, by definition, does not produce entropy for you.

Also, considering that entropy is relative for every observer, all an entropy 
source can deliver is that any attacker is as unable to understand the true 
entropy source as you are.

Therefore, any audit can only have the goal to demonstrate that still nobody 
has full control or knowledge over the basic noise source.

That said, I am still working on testing the CPU execution timing variations with
my bare metal tester to develop some understanding why the variations occur.
My current hunch, which is not yet conclusive, points to the timing variations
of the CPU clock and the memory (including L2/L3) clock cycles, which require
the CPU to introduce wait states to fetch/store data from/to memory.

Ciao
Stephan
-- 
| Cui bono? |
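The kind of measurement Stephan describes, collecting execution timing deltas of a fixed workload and then asking how much unpredictability the variation actually carries, can be sketched in a few lines. The following is an added example and is not Stephan's bare metal tester or any code from the thread; it runs under a normal OS, where scheduler and interpreter noise are mixed in with the CPU/memory effects he is trying to isolate, so the numbers it reports are only illustrative. The workload, the choice of keeping the low four bits of each delta, and the entropy estimators are this example's own assumptions. The most-common-value estimator follows the NIST SP 800-90B form, which penalises small sample sets with a confidence bound, so that an auditor does not over-credit a noise source on the strength of a short run.

```python
import math
import time
from collections import Counter


def sample_timing_deltas(n: int = 4096, buf_len: int = 1 << 16) -> list:
    """Measure n successive execution-time deltas (in ns) of a fixed
    memory-touching workload.  The spread of these deltas is the raw
    "noise"; how much of it an attacker cannot predict is a separate
    question that the estimators below can only bound from above."""
    buf = bytearray(buf_len)
    deltas = []
    idx = 0
    for _ in range(n):
        t0 = time.perf_counter_ns()
        # Fixed workload: strided writes across the buffer, so cache and
        # memory behaviour (not just the ALU) influence the timing.
        for k in range(0, buf_len, 4096):
            buf[(idx + k) % buf_len] ^= 1
        idx = (idx + 64) % buf_len
        t1 = time.perf_counter_ns()
        deltas.append(t1 - t0)  # perf_counter_ns is monotonic: never negative
    return deltas


def fold_low_bits(deltas: list, bits: int = 4) -> list:
    """Keep only the low `bits` bits of each delta.  The high bits are
    dominated by the predictable mean cost of the workload, which carries
    no entropy; the low bits are where the jitter shows up."""
    mask = (1 << bits) - 1
    return [d & mask for d in deltas]


def shannon_entropy_bits(samples: list) -> float:
    """Shannon entropy of the empirical distribution, in bits per sample.
    An optimistic figure: it is an average, not a worst case."""
    n = len(samples)
    return -sum((c / n) * math.log2(c / n) for c in Counter(samples).values())


def min_entropy_bits(samples: list) -> float:
    """Min-entropy -log2(p_max): what a guesser who always picks the most
    frequent value achieves.  This is the figure an RNG seeding design
    should be sized against, not the Shannon value."""
    p_max = max(Counter(samples).values()) / len(samples)
    return -math.log2(p_max)


def mcv_min_entropy_bits(samples: list) -> float:
    """Most Common Value estimate in the style of NIST SP 800-90B 6.3.1:
    replace p_max by its 99% upper confidence bound before taking -log2,
    so short sample runs are credited with less entropy, not more."""
    n = len(samples)
    p_max = max(Counter(samples).values()) / n
    p_upper = min(1.0, p_max + 2.576 * math.sqrt(p_max * (1 - p_max) / (n - 1)))
    return -math.log2(p_upper)


def timing_entropy_report(n: int = 4096, bits: int = 4) -> dict:
    """Collect deltas, fold to the low bits, and return the three estimates.
    The smallest (the MCV figure) is the one to quote to an auditor."""
    folded = fold_low_bits(sample_timing_deltas(n), bits)
    return {
        "samples": len(folded),
        "distinct_values": len(set(folded)),
        "shannon_bits": shannon_entropy_bits(folded),
        "min_entropy_bits": min_entropy_bits(folded),
        "mcv_min_entropy_bits": mcv_min_entropy_bits(folded),
    }


if __name__ == "__main__":
    for key, value in timing_entropy_report().items():
        print(f"{key:>22}: {value}")
```

Reading the output the way the thread frames it: a high Shannon figure with a much lower MCV figure means the deltas look varied on average but one value dominates, which is exactly the case where a design that assumes "a few bits per sample" over-credits the source. The script cannot tell you whether the remaining variation is unpredictable to a well-placed observer; as Stephan notes, that is not something a statistical test or an audit can establish, only something it can fail to refute.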

