[Cryptography] Entropy Attacks!

ianG iang at iang.org
Mon Feb 24 07:41:46 EST 2014 

(I agree that attacking the code in some future programmed sense from
within the CPU is just too cumbersome to be considered a high priority
threat.)

On 21/02/2014 18:37 pm, Theodore Ts'o wrote:
> On Fri, Feb 21, 2014 at 01:18:22AM -0500, John Kelsey wrote:
>>
>> This is probably pointless paranoia, since if the CPU you're running
>> on is evil, it's probably impossible to get much security.  But
>> assuming the Intel RNG is good, seeding your system RNG in this way
>> would work just fine.
> 
> I'm willing to believe that the Intel RNG might be evil, since it's a
> standalone component inside the CPU.  However, compromising the
> execution engine such that you can snoop on memory, etc., would
> require at least 10x to 100x more engineers to be able to figure out
> that the CPU was doing something evil --- only one of which has to be
> have the courage and bravery of Snowden to leak the information to the
> whole world.


I would hope so too, but I think the numbers are against us.  There are
O(1m) people in USA with top-secret clearances, and O(10) whistle
blowers.  Do the division.  From my experience with large organisations,
they happily do evil things, and very few people would ever think of
being a whistleblower.

And why would you?  It ruins your life.  I've not been one, but I've
watched the results.  Unemployment, poverty, deaththreats, random arms
of the government searching for anyway to take your head even after
status has been granted.

How many people put their life before some vague moral principle, and
for what?  Because Intel has some nice special government business?

Nothing to see here, move on.


...
> The NSA could get much better bang for its buck by suborning someone
> inside a certifying authority.  Give what we know of some of the
> "mistakes" made by CA's, perhaps they may have done so already, and
> those were really failed operations that couldn't be kept secret.

Indeed.  http://wiki.cacert.org/Risks/SecretCells/ThreatsAndAssumptions

But we also now know that they don't do just one thing.  They do
everything.  Everything they can think of, including hacking into games
machines.  Which is decidedly annoying, we now have to defend against
everything.

And we have to get economic about it, which is sort of what they are
doing:  going after everything according to their unlimited budget.



ps; in terms of the permathread on RNGs, there is Dan's google-group if
one can join that.

iang

More information about the cryptography mailing list