On Wed, Feb 02, 2000 at 03:24:53PM -0500, Arnold G. Reinhold wrote:
> At 9:15 AM -0800 2/2/2000, Eric Murray wrote:
> >I've also received Intel security info under NDA (and nothing in
> >this post will violate same). I do not think that your point D is
> >fair- even if the Intel RNG is totally and utterly compromised, it's
> >not a threat to your security just by being there on the chip.
> >Something has to call it and use its output in a protocol.
> >I do agree with point B however.
>
> The threat to my security from Intel's RNG "just by being there on
> the chip" is that more and more encryption products will come to rely
> on the Intel RNG alone, or combined with some inadequate source of
> entropy like the system clock.
I see that as a general security engineering problem; it's not just Intel's
RNG which could be misused in this way, and people who write
crypto products can use poor/untrusted sources of entropy
other than Intel's RNG.
If you think that using untrusted/unverified/unknown RNGs is a problem,
then object-only crypto libs like BSAFE and MSCAPI are much more of a
problem than the Intel RNG currently is.
> Worse, more and more software vendors
> will adopt Intel's "trust us" attitude, and refuse to divulge details
> of their randomness generation. Some may even attempt to block
> reverse engineering that would expose their weaknesses, a la CSS.
Intel only wishes that they had that much power! :-)
I see the general trend going the other way, towards openness.
Not that we can relax vigilance however.
--
Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5
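Added example, not part of the original message and not code from Intel or any
product mentioned in the thread: a small Python sketch of the failure mode
Reinhold describes, a key derived from an RNG output combined only with the
system clock. Everything in it is constructed: the all-zero "compromised RNG"
output stands in for an RNG whose output the attacker knows, the timestamp is
made up, and SHA-256 is assumed to act as the mixing function. Once the RNG
output is known, enumerating the clock over a ten-second window recovers the
key; mixing in a secret from an independent source (os.urandom here) defeats
the same attacker.

```python
import hashlib
import os
from typing import Optional

# Constructed inputs for the demonstration (not real data).
COMPROMISED_RNG_OUTPUT = bytes(32)      # worst case: an RNG whose output the attacker knows exactly
TRUE_CLOCK_MS = 949_510_000_123         # made-up millisecond timestamp at key generation
ATTACKER_WINDOW_MS = 10_000             # attacker knows the generation time to within 10 seconds


def mix(*sources: bytes) -> bytes:
    """Combine entropy sources with a hash.

    Each source is length-prefixed so (b"ab", b"") and (b"a", b"b") do not
    collide.  Assumption: SHA-256 behaves as a randomness extractor, so the
    output is unpredictable if ANY input is unpredictable to the attacker.
    """
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def derive_key(rng_output: bytes, clock_ms: int, independent: bytes = b"") -> bytes:
    """Key = H(rng_output || clock || independent).  With independent=b"" this
    is the 'RNG plus system clock' design criticised in the thread."""
    return mix(rng_output, clock_ms.to_bytes(8, "big"), independent)


def brute_force_clock(target_key: bytes, known_rng_output: bytes,
                      window_start_ms: int, window_ms: int) -> Optional[int]:
    """Attacker model: the RNG output is known (compromised RNG) and the
    generation time is known to within window_ms.  Enumerate every clock
    value in the window and return the one that reproduces target_key."""
    for t in range(window_start_ms, window_start_ms + window_ms):
        if derive_key(known_rng_output, t) == target_key:
            return t
    return None


def weak_design_recovered() -> bool:
    """RNG + clock only: the attacker recovers the exact clock value, hence the key."""
    key = derive_key(COMPROMISED_RNG_OUTPUT, TRUE_CLOCK_MS)
    start = TRUE_CLOCK_MS - ATTACKER_WINDOW_MS // 2
    return brute_force_clock(key, COMPROMISED_RNG_OUTPUT, start, ATTACKER_WINDOW_MS) == TRUE_CLOCK_MS


def mixed_design_recovered() -> bool:
    """Same attacker, but a 32-byte secret from an independent source (os.urandom
    here) is mixed in as well.  Enumerating the clock no longer helps."""
    independent = os.urandom(32)
    key = derive_key(COMPROMISED_RNG_OUTPUT, TRUE_CLOCK_MS, independent)
    start = TRUE_CLOCK_MS - ATTACKER_WINDOW_MS // 2
    return brute_force_clock(key, COMPROMISED_RNG_OUTPUT, start, ATTACKER_WINDOW_MS) is not None


if __name__ == "__main__":
    print("clock-only design broken:", weak_design_recovered())   # True
    print("mixed design broken:     ", mixed_design_recovered())  # False
```

The point of the sketch is the one Murray makes in reply: the hash-mix is only
as strong as the best input the attacker cannot predict, so a product that
feeds it nothing but a possibly-compromised RNG and a clock is weak whichever
vendor made the RNG.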