[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

David Mercer radix42 at gmail.com
Tue Oct 29 00:05:13 EDT 2013


On Sun, Oct 27, 2013 at 3:53 PM, Philipp Gühring <pg at futureware.at> wrote:

> Hmm, if someone is able to run secret opcodes, then we already have
> local code execution, right? And in this case there might be far more
> powerful secret opcodes that give ring 0, ring -1, ... access, and we
> usually have to care about much larger problems than RNG attacks.
>

Uhm, yes, if I as an attacker have "ring -1" level access to your
machine/hypervisor/VM/whatever, you are so toast that I have already
succeeded, and am not going to give a hoot about attacks on your RNG.
I can grab all your keystrokes, private keys when used, unencrypted data,
etc.

I can't think of ANY threat model in which an attacker would continue
attacking an RNG if they have that. ANY. Disproof by counter-example from
history or the literature appreciated.

-David Mercer