[liberationtech] Random number generation being influenced - rumors

Eugen Leitl eugen at
Sat Sep 7 10:26:09 PDT 2013

On Sat, Sep 07, 2013 at 06:21:00PM +0300, Maxim Kammerer wrote:

> I agree; I misread the Intel documentation previously, and inferred
> that CTR_DRBG and other high-level algorithms are implemented in
> microcode, with ES being accessible to it (and to reverse engineers)
> directly. Personally, I wouldn't trust an embedded engineer to
> implement bubble sort correctly, and see no reason to trust them with
> security-critical implementations, even if one assumes no malice or

There is a hardware RNG in the AMD Geode LX. I tried very hard to
find any documentation, but found effectively nothing.

Am I that bad at searching, or is this really a black box?

> subversion of production process. In Google+ thread referenced above,
> David Johnston (Intel engineer in charge of RDRAND) claimed that all
> the specs are open and accessible; when I mentioned that the AES block
> size in CTR_DRBG is not even specified, I received no response (of
> course). Also, proponents of feeding RDRAND directly into
> /dev/[u]random ignore the AES-reducibility of any cryptosystem that
> uses RDRAND in that fashion.
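The last quoted point, that a system which feeds RDRAND output straight into the pool has its security reduced to the hardware DRBG, is easy to see in code. The block below is an added illustration and not part of this thread or of any kernel: it contrasts a "direct" policy with a "mixing" policy that hashes the hardware output together with an independent entropy source. The stand-in hardware generator is a constructed, deliberately predictable source (all zero bytes) to model the worst case of a black-box RNG; the names `direct_feed`, `mixed_feed` and `untrusted_hw_rng` are assumptions for this example, and the real Linux pool mixing is more involved than a single SHA-256 call.

```python
import hashlib
import os


def untrusted_hw_rng(n: int) -> bytes:
    """Constructed stand-in for a black-box hardware RNG (e.g. RDRAND).

    To model the case the thread worries about, this source is fully
    predictable: it always returns n zero bytes.
    """
    return bytes(n)


def direct_feed(hw_block: bytes) -> bytes:
    """'Direct' policy: hardware RNG output is used as-is.

    Every output bit is determined by the hardware generator, so the
    security of the whole system reduces to that generator.
    """
    return hw_block


def mixed_feed(hw_block: bytes, other_entropy: bytes) -> bytes:
    """'Mixing' policy: hash the hardware output with an independent source.

    An observer who knows hw_block entirely still cannot predict the result
    without other_entropy (assuming SHA-256 acts as a good combiner). The
    length prefixes keep the two inputs from being confused with each other.
    """
    data = (len(hw_block).to_bytes(4, "big") + hw_block
            + len(other_entropy).to_bytes(4, "big") + other_entropy)
    return hashlib.sha256(data).digest()


def demo() -> dict:
    """Run both policies against the predictable hardware source."""
    hw = untrusted_hw_rng(32)
    # Independent entropy; in a kernel this would be interrupt timing,
    # disk latency, etc. Here os.urandom stands in for that source.
    other = os.urandom(32)
    return {
        "direct": direct_feed(hw),           # identical to the hw output
        "mixed": mixed_feed(hw, other),      # unpredictable to the hw vendor
        "mixed_again": mixed_feed(hw, os.urandom(32)),  # differs per call
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12s} {value.hex()}")
```

The point the example makes is about dependence, not about any particular instruction: with `direct_feed` the output is exactly what the hardware produced, so whoever controls the hardware controls the output; with `mixed_feed` the hardware output can only ever add entropy, and a predictable or malicious hardware source cannot remove the entropy contributed by the other input.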
