|
Title: Linux gets better random generators, but can Intel be trusted? Post by: corebob on December 15, 2013, 05:28:19 PM After reading this http://www.phoronix.com/scan.php?page=news_item&px=MTU0NDM I get the impression that Intel/VIA is up to no good.
Anyone know what the Intel issue really is? Title: Re: Linux gets better random generators, but can Intel be trusted? Post by: Cryptolator on December 15, 2013, 05:37:11 PM Scary stuff, anybody has enough knowledge to reassure us ? ???
Title: Re: Linux gets better random generators, but can Intel be trusted? Post by: Carlton Banks on December 15, 2013, 09:26:45 PM When you say "Linux", you mean "FreeBSD". Which is a different system to Linux. I understand that Linux already uses a software based RNG entropy source.
Title: Re: Linux gets better random generators, but can Intel be trusted? Post by: moni3z on December 15, 2013, 09:53:58 PM Theodore T'so the guy who maintains /dev/urandom for the Linux kernel talks about this on his google+ page. Some redhat engineers tried to force in direct RDRAND entropy sources and since he doesn't trust Intel he ripped it out. Intel's TRNG engineer got uppity nobody trusts his microscopic entropy source none of us can test. FreeBSD use yarrow so no idea why this is a big deal to them they wouldn't ever blindly use Intel as a TRNG anyways and neither would OpenBSD.
The reason why Intel TRNG exists in the first place is because of servers with no human interaction. /dev/random might be handing out poor RNG thus RDRAND was created. Due to out of control stasi police state nobody can trust Intel no matter what they say because 1) microscopic TRNG we can't test easily and 2) NSA diddling the chips during manufacture without Intel even knowing by flooding their corp with agent employees. Title: Re: Linux gets better random generators, but can Intel be trusted? Post by: Baldassare on December 15, 2013, 09:57:00 PM Another reason that Intel TRNG exists is that it is fast. But not guaranteed to be unpredictable :)
Title: Re: Linux gets better random generators, but can Intel be trusted? Post by: corebob on December 15, 2013, 11:02:57 PM I actually tried to install FreeBSD 10 with encrypted zfs the other day. Unfortunately I could never boot into the new system as it refuses to accept the disk password I type in during boot.
Maybe I should give it another try. Title: Re: Linux gets better random generators, but can Intel be trusted? Post by: justusranvier on December 15, 2013, 11:13:45 PM 2) NSA diddling the chips during manufacture without Intel even knowing by flooding their corp with agent employees. I wonder how much of Microsoft's reputation for building insecure software is due to this effect.Title: Re: Linux gets better random generators, but can Intel be trusted? Post by: moni3z on December 16, 2013, 12:53:30 AM Well Microsoft hands over bugs to the NSA/FBI freely for them to exploit according to Snowden docs. Much like Bruce Scheneir said these hardware/software backdoors are designed to look like mistakes and incompetence so they can deny they were puposely put in to exploit. Makes you wonder about all those MS bugs and of course Redhat bugs since it's being used for govt servers worldwide. Then again I can only imagine how many multi millions of LOC are in MS kernels they have no hope of debugging properly
Doesn't help that research paper showing a malicious actor can alter chip gates after manufacturing without anybody knowing and then exploit them later to put it in Ring 0 or flip NX bit off. Gonna have to dig out your 90s 386sx and load up openbsd on it to avoid hardware backdoors because probably everything now has one. Break out the punch cards and abacuses |