[Cryptography] RNG exploits are stealthy

Jerry Leichter leichter at lrw.com
Fri Feb 21 14:38:53 EST 2014

On Feb 21, 2014, at 7:25 AM, Peter Gutmann wrote:
>> Your code is getting better *because you're improving it* by incorporating
>> new sources.  Had you simply left the code alone to forever depend on the
>> sources you started with, it might get better or worse, but silently, and
>> without you ever knowing.
> Not really.  The means of collecting environmental data just returns a memory
> blob of whatever's available on the system.  One day/month/year it might be 5K of data, the next it could be 20K as more hardware-monitoring sources are
> supported by system hardware and software.  So it is silently getting better,
> but not because of any changes in my code (once the initial get-environment-
> noise code has been written).
So there *is* new code .... but you're not making me feel any better about it.  Assume I'm using your system.  Now, rather than relying on new code written by Peter Gutmann - who I have some reason to trust on such matters - I'm relying on new code written by someone I've never heard of, whose expertise is in drivers for various kinds of environmental sensors.

In fact, it's some collection of people, some of whom I probably would *not* trust.  Writing drivers for some environmental sensor, whose output will be mixed with output of other environmental sensors - if my job were to sabotage the RNG on a system, I can't think of a better place to be.  I can think of *all kinds* of "improvements" to, say, some common code that helps out in developing such drivers.  And the improvements *will* actually help in using the sensors as, well, sensors.  That they also happen, say, to induce much more correlation among apparently-independent sensors - well, that's just a minor side-effect.
                                                        -- Jerry

More information about the cryptography mailing list