[Cialug] Complete C source online
Zachary Kotlarek
zach at kotlarek.com
Wed Jul 24 18:12:23 CDT 2013
On Jul 24, 2013, at 3:58 PM, Eric Junker <eric at eric.nu> wrote:
> While I don't know how likely it is, there is some speculation that the NSA may have a "backdoor" into the random number generator.
>
> http://cryptome.org/2013/07/intel-bed-nsa.htm
That's always possible. If you're worried about such things, and you've actually taken the time to review the the source code, you can use the RdRand (or RdSeed, which provides multiplicative entropy guarantees) output to seed a public PNRG.
Then again, if you're going to worry about your instructions not being faithfully executed you shouldn't limit your concern to the RNG -- the CPU could lie to you in all sorts of ways. It could look for sequences that resemble DH exchanges and record the secret for later use along with your current IP address and timestamp of the key exchange. That would defeat even PFS exchanges by keeping track of the ephemeral data.
Zach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2746 bytes
Desc: not available
URL: <http://cialug.org/pipermail/cialug/attachments/20130724/a702e747/attachment-0001.bin>
More information about the Cialug
mailing list