[Cryptography] Techniques for malevolent crypto hardware
kentborg at borg.org
Sun Sep 8 22:06:31 EDT 2013
On 09/08/2013 09:15 PM, Perry E. Metzger wrote:
> Perhaps you don't see the big worry, but real world experience says it
> is something everyone else should worry about anyway.
I overstated it.
Good random numbers are crucial, and like any cryptography, exact
details matter. Programmers are constantly making embarrassing
mistakes. (The recent Android RNG bug, was that Sun, Oracle, or Google?)
But there is no special reason to worry about corrupted HW RNGs because
one should not be using them as-is, there are better ways to get good
random data, ways not obvious to a naive civilian, but still well known.
Snowden reassured us when he said that good cryptography is still good
cryptography. If that includes both hashes and cyphers, then the
fundamental components of sensible hybrid RNGs are sound.
Much more worrisome is whether Manchurian Circuits have been added to
any hardware, no matter its admitted purpose, just waiting to be activated.
More information about the cryptography