[Cryptography] Apple's Early Random PRNG

Tom Mitchell mitch at niftyegg.com
Mon Mar 17 17:44:34 EDT 2014


On 03/17/2014 02:16 PM, tytso at mit.edu wrote:
> On Mon, Mar 17, 2014 at 08:48:37PM -0000, dj at deadhat.com wrote:
>>> 
>>> Early in the boot process is a difficult but an interesting
>>> point of vulnerability.
>> 
>> RdRand works from the first instruction executed. This is a
>> pretty basic requirement for a system RNG. You should expect your
>> device vendors to meet that requirement.
> 
> If anyone has any suggestions about how to influence ARM SOC
> vendors to provide something like RDRAND, short of compromising
> photos from web cams of company execs provided courtesy of GCHQ
> :-), I'm sure lots of people would appreciate any ideas....

What is known about the patent tangle and other costs of RdRand?

I.e., is it expensive IP or simply transistor power budget?

The SOC world is driven by pennies in their cost of goods.
The best two places to address this are at ARM and
also from the portable device market (phones, tablets).
Following this will be point of sales devices like those
that caused Target so much.

Consider the impact of Target mandating that all point of sale
hardware require RDRAND.  Software cannot use what does
not exist.

There are other public facing security experts and consultants
that could ask "why is RDRAND an option in the modern world"?

Next might be modem, printer and scanner vendors.


