[Cryptography] Auditing rngs

Krisztián Pintér pinterkr at gmail.com
Tue Jan 21 14:15:01 EST 2014


John Kelsey (at Tuesday, January 21, 2014, 6:55:44 PM):
> However, it requires building a "leak the entropy input
> of my drbg" functionality into your HSM, which has some pretty
> obvious bad potential uses.

i think this reasoning is incorrect. it is security through obscurity.
we don't want the errors in our entropy source to be secret. we want
no errors there. in fact, we want direct access to the rawest output
of the TRNG, as well as complete information on how it works including
schematics, statistics, exact location on chip and all. we need full
disclosure.

isn't it the same situation as open source vs closed source? according
to the "secrecy is another layer of defense" argument, open source
should be less secure. the exact opposite is happening.

and i haven't even talked about the trust. post snowden, post RSA
debacle, post dual_ec, we want openness and honesty above all.

ask intel how happy they are with the acceptance of rdrand. i would
bet they are not so happy.
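As an added illustration of what "direct access to the rawest output of the TRNG, as well as statistics" buys an auditor (this is example code written for this page, not code from the post's author or from any HSM vendor): once raw, unconditioned samples can be read out, continuous health tests of the kind NIST SP 800-90B section 4.4 describes can be run over them, and their verdicts can be published rather than trusted. The block models the repetition count test (catches a source stuck at one value) and the adaptive proportion test (catches a source that has become badly biased). The sample data is constructed with SHA-256 in counter mode as a stand-in for TRNG output, the claimed min-entropy of 4 bits per byte and the 1024-sample window are assumptions chosen for the demonstration, and the cutoff computation is a direct binomial-tail calculation rather than a copy of the standard's tables.

```python
"""Health tests over raw entropy-source output (added example, not from the post).

Modelled on the repetition count test and adaptive proportion test of
NIST SP 800-90B section 4.4.  Inputs are sequences of raw sample values
(here bytes, 0..255) read straight from the noise source, before any
conditioning or DRBG, which is exactly the output an auditor needs.
"""
import hashlib
import math
from typing import List, Optional, Sequence

# SP 800-90B uses a per-test false-positive probability of 2^-20.
ALPHA = 2.0 ** -20


def repetition_count_cutoff(h_min: float, alpha: float = ALPHA) -> int:
    """C = 1 + ceil(-log2(alpha) / H): a value repeating C or more times in
    a row is less likely than alpha if each sample really has H bits."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)


def repetition_count_test(samples: Sequence[int], h_min: float) -> Optional[int]:
    """Return the index at which a run of identical values reaches the cutoff,
    or None if the sequence passes.  Detects a frozen or stuck source."""
    cutoff = repetition_count_cutoff(h_min)
    prev, run = None, 0
    for i, s in enumerate(samples):
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return i
    return None


def _binom_pmf(n: int, k: int, p: float) -> float:
    """Binomial probability mass in log space, so large windows do not overflow."""
    log_pmf = (math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
               + k * math.log(p) + (n - k) * math.log1p(-p))
    return math.exp(log_pmf)


def adaptive_proportion_cutoff(window: int, h_min: float, alpha: float = ALPHA) -> int:
    """Smallest C with P[X >= C] <= alpha for X ~ Binomial(window, 2^-H), i.e.
    how often a single value may recur in one window before that is suspicious."""
    p = 2.0 ** -h_min
    tail, cutoff = 0.0, window + 1
    for c in range(window, -1, -1):          # walk the upper tail downwards
        tail += _binom_pmf(window, c, p)     # tail == P[X >= c]
        if tail > alpha:
            break
        cutoff = c
    return cutoff


def adaptive_proportion_test(samples: Sequence[int], h_min: float,
                             window: int = 1024) -> Optional[int]:
    """For each non-overlapping window, count how often its first value recurs
    within the window (the first sample included).  Return the index of the
    first failing window, or None.  Detects a source that has become biased."""
    cutoff = adaptive_proportion_cutoff(window, h_min)
    for start in range(0, len(samples) - window + 1, window):
        block = samples[start:start + window]
        if block.count(block[0]) >= cutoff:
            return start // window
    return None


# --- constructed sample sources (stand-ins, NOT entropy) --------------------

def constructed_samples(n: int, tag: bytes) -> List[int]:
    """Deterministic pseudo-random bytes (SHA-256 counter mode) standing in
    for a healthy source; constructed test data only."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(tag + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return list(out[:n])


def stuck_source(n: int) -> List[int]:
    """A source whose output froze at a single value."""
    return [0x41] * n


def biased_source(n: int) -> List[int]:
    """A source emitting 0x00 for three samples out of five."""
    healthy = constructed_samples(n, b"biased-constructed")
    return [0x00 if i % 5 < 3 else healthy[i] for i in range(n)]


def audit(samples: Sequence[int], h_min: float = 4.0, window: int = 1024) -> dict:
    """Run both tests and report where (if anywhere) each one tripped."""
    return {"rct_fail_at": repetition_count_test(samples, h_min),
            "apt_fail_window": adaptive_proportion_test(samples, h_min, window)}


if __name__ == "__main__":
    for name, src in (("healthy", constructed_samples(4096, b"healthy-constructed")),
                      ("stuck", stuck_source(4096)),
                      ("biased", biased_source(4096))):
        print(name, audit(src))
```

The assumed 4 bits per byte is deliberately below the 8 bits a perfect source would give; a health test is tuned to the entropy the vendor actually claims, so the claim itself (and the cutoffs derived from it) is part of what an audit has to see.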



More information about the cryptography mailing list