[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say

John Denker jsd at av8n.com
Sun Dec 22 19:35:33 EST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/22/2013 03:16 PM, Stephan Mueller wrote:
> Entropy can only exist if the process that shall produce it is non-
> deterministic for the observer. That means that if you can audit the source of 
> randomness to fully understand the full nature of the noise source, the noise 
> source, by definition, does not produce entropy for you.

That's diametrically the wrong way to think about it.

Every cryptographer knows about "cut and choose".  You don't
do both at the same time.

By the same token, the HRNG isn't used for production at the
same time it's being audited.  Just because they aren't done
at the same time doesn't mean they can't be done.

Moving now from analogy to technical detail:  Entropy is a 
property of the distribution, not of any particular data 
point drawn from the distribution.  This is not a deep 
concept;  the same goes for the mean, standard deviation, 
and innumerable other statistical properties:  they are 
properties of the ensemble.

In other words, there is no such thing as a random number.
You can have a random distribution over numbers, but then
the randomness is in the distribution, not in any particular
number drawn from the distribution.

Therefore one does not check to see whether the HRNG is
producing the so-called "correct" so-called "random numbers";
rather one audits the mechanism.  One audits the mechanism
by which the random distribution is produced.

  Very little of the code that ships with turbid is involved
  in producing the randomly-distributed output.  Most of it
  is for calibrating the mechanism.

As H.E. Fosdick put it:  Person saying it cannot be done is
liable to be interrupted by person doing it.

Turbid can be audited.  It is an interdisciplinary exercise,
requiring skill in electronics, computer science, cryptography,
and physics ... so if you walk into the National Zoo and ask
the first primate you find, he or she probably won't know how
to do it.  On the other hand, you should be able to find a
person -- or put together a small team -- with the requisite 
skills.  Compared to validating a new cryptologic primitive 
from scratch, it is trivial.  That's because it uses existing 
primitives in prosaic ways.

If anybody disagrees, please tell us what part of turbid cannot 
be audited.  Please be as specific as you can.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
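The argument above, that entropy is a property of the distribution and so one audits the mechanism rather than the output, can be made concrete. The following is an added example and not turbid's code or John Denker's; it assumes a constructed noise model (an ADC digitising zero-mean Gaussian thermal noise with a standard deviation of SIGMA_LSB codes, a figure a calibration step would have to measure) and a hypothetical safety margin. It computes the per-sample entropy from that model alone, checks a simulated source against the model the way a calibration step would, and then shows why output testing cannot substitute for this: a SHA-256 counter-mode stream with a known seed, which has zero entropy for anyone holding the seed, passes a simple monobit check just as well as the operating system's random source does.

```python
import hashlib
import math
import os
import random

# Constructed noise model (assumption, not a measurement of real hardware):
# zero-mean Gaussian noise with this standard deviation, in units of one ADC
# code (LSB), quantised to integer codes.
SIGMA_LSB = 3.0
# Hypothetical safety margin applied to the min-entropy budget.
SAFETY_MARGIN = 1.5


def quantised_gaussian_pmf(sigma, span=12):
    """Probability of each integer ADC code k for Gaussian noise of standard
    deviation `sigma` LSB: the Gaussian mass of the interval [k-0.5, k+0.5).
    Truncated at +/- span*sigma, where the tail mass is negligible."""
    lim = int(math.ceil(span * sigma))
    scale = sigma * math.sqrt(2.0)
    pmf = {}
    for k in range(-lim, lim + 1):
        p = 0.5 * (math.erf((k + 0.5) / scale) - math.erf((k - 0.5) / scale))
        if p > 0.0:
            pmf[k] = p
    return pmf


def shannon_entropy_bits(pmf):
    """Entropy of the distribution itself; no sample is involved."""
    return -sum(p * math.log2(p) for p in pmf.values())


def min_entropy_bits(pmf):
    """The conservative figure for cryptographic budgeting: -log2(max p)."""
    return -math.log2(max(pmf.values()))


def samples_needed(pmf, output_bits=256, margin=SAFETY_MARGIN):
    """ADC samples that must be hashed per `output_bits` of output so that
    the input carries `margin` times that much min-entropy."""
    return int(math.ceil(output_bits * margin / min_entropy_bits(pmf)))


def empirical_peak_probability(n, sigma=SIGMA_LSB, seed=12345):
    """Calibration-style check: simulate the modelled source and estimate the
    probability of the most likely code, to compare against the model.
    (Constructed data from a seeded simulator, not a real ADC.)"""
    rng = random.Random(seed)
    counts = {}
    for _ in range(n):
        k = int(round(rng.gauss(0.0, sigma)))
        counts[k] = counts.get(k, 0) + 1
    return max(counts.values()) / n


def monobit_fraction(data):
    """Fraction of one bits; a healthy source gives about 0.5."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def deterministic_stream(seed, n):
    """SHA-256 in counter mode: statistically unremarkable output that has
    zero entropy for anyone who knows `seed`."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def output_tests_cannot_distinguish(n=65536):
    """Return (monobit of deterministic stream, monobit of os.urandom)."""
    return (monobit_fraction(deterministic_stream(b"known seed", n)),
            monobit_fraction(os.urandom(n)))


if __name__ == "__main__":
    pmf = quantised_gaussian_pmf(SIGMA_LSB)
    print("model Shannon entropy per sample : %.3f bits" % shannon_entropy_bits(pmf))
    print("model min-entropy per sample     : %.3f bits" % min_entropy_bits(pmf))
    print("model peak code probability      : %.4f" % max(pmf.values()))
    print("simulated peak code probability  : %.4f" % empirical_peak_probability(200000))
    print("samples per 256-bit output       : %d" % samples_needed(pmf))
    det, urnd = output_tests_cannot_distinguish()
    print("monobit, zero-entropy stream     : %.4f" % det)
    print("monobit, os.urandom              : %.4f" % urnd)
```

The entropy figures come entirely from the model of the mechanism; the simulated peak probability only confirms that the mechanism behaves as modelled, which is the calibration step. The final two lines make the point about output testing: both streams look equally good, and the monobit statistic says nothing about which one an adversary could predict.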

