[Cryptography] Intel SGX: Augean stables piled higher & deeper?
Henry Baker
hbaker1 at pipeline.com
Wed May 20 09:19:21 EDT 2015
At 06:02 AM 5/20/2015, Peter Gutmann wrote:
>Henry Baker <hbaker1 at pipeline.com> writes:
>
>>Mathematical proof?
>
>Because all of the existing security mechanisms we use also have rigorous mathematical proofs?
No. But many/most hardware "improvements" come with serious glitches that are only appreciated in hindsight.
Since SGX is intended as an "improvement" in security, it deserves a much higher level of scrutiny than do other types of HW improvements. In particular, it deserves some sort of proof that this "improvement" didn't inadvertently (or not: NSA) introduce additional bugs/insecurities.
We spend endless hours debating random number generators, but modifications like this get a pass. How come?
More information about the cryptography
mailing list