[Cryptography] Techniques for malevolent crypto hardware

Kent Borg kentborg at borg.org
Sun Sep 8 22:06:31 EDT 2013

On 09/08/2013 09:15 PM, Perry E. Metzger wrote:
> Perhaps you don't see the big worry, but real world experience says it 
> is something everyone else should worry about anyway.

I overstated it.

Good random numbers are crucial, and like any cryptography, exact 
details matter.  Programmers are constantly making embarrassing 
mistakes.  (The recent Android RNG bug, was that Sun, Oracle, or Google?)

But there is no special reason to worry about corrupted HW RNGs because 
one should not be using them as-is, there are better ways to get good 
random data, ways not obvious to a naive civilian, but still well known.

Snowden reassured us when he said that good cryptography is still good 
cryptography.  If that includes both hashes and cyphers, then the 
fundamental components of sensible hybrid RNGs are sound.

Much more worrisome is whether Manchurian Circuits have been added to 
any hardware, no matter its admitted purpose, just waiting to be activated.


More information about the cryptography mailing list