[117636] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Build a better OTP?

daemon@ATHENA.MIT.EDU (Anonymous)
Tue Sep 7 18:28:13 1999

Date: Wed, 8 Sep 1999 00:00:57 +0200 (CEST)
Message-Id: <199909072200.AAA10410@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@cyberpass.net
Reply-To: Anonymous <nobody@replay.com>

> > Keep in mind that from the marketing point of view, Windows is used
> > far more than Linux.  Very few manufacturers support Linux compared to
> > Windows, so it is not fair to single Intel out for this criticism.
>
> The number of manufacturers that "support" Linux is irrelevant. The
> proper question is what proportion of Intel systems with security
> applications that could use the RNG run non-Microsoft operating systems.

And the answer is, only a few percent.  Virtually every Intel PC can
use the RNG in security applications, including SSL, S/MIME, PGP, and
the many forthcoming electronic commerce security systems.  Hence the
answer to your question is the same as asking what propertion of Intel
systems run non-Microsoft operating systems.

As was noted previously, Linux is assuming increasing importance and
Intel does recognize this.  However the knee-jerk fanaticism which your
message so richly illustrates is a formidable stumbling block given the
previously cited constraints which Intel is observing.

> > The question is, if Intel released an object-code-only driver for Linux,
> > would it do more harm than good?  Isn't it likely that they would be
> > blasted even more than they are now for failing to understand the Linux
> > community?  This is not even rising to the question of open source and
> > copyleft; this is the more basic question of whether a .o file would
> > even be used by Linux developers.
>
> Please stop blaming Linux for the world's problems.
>
> My experience has been that source code is a requirement for any
> security critical system due to auditing and validation requirements. It
> doesn't matter what operating system is being used.

Perhaps your experience could explain, then, why the majority of security
applications do not reveal their source code.  Perhaps you could explain
why RSA's BSAFE is such a successful and widely used crypto library
(a fact of which you may not have been aware, stuck off in your little
Linux corner of the world).  Perhaps you could explain why Microsoft CAPI
is the foundation for what are by far the most used crypto applications,
SSL based browsers.

The fact is, this "experience" is nothing more than your prejudice and has
no connection to the real world of security applications.  Auditing and
validation have been handled in the security field for decades without
release of source code, precisely in the manner which Intel is following:
review and validation by highly competent professionals.

Take a couple of specific examples.  PGP's random number generator has
been around for almost ten years.  /dev/random uses some of the same
principles and has been around since 1994.  Both of these have source code
available.  But how much review of them has their been?  Virtually zero.
Bill Geiger posts a message a few months ago and suddenly everyone
realizes that the emperor has no clothes.  Many of the concerns about
/dev/random apply to the PGP random generator as well.  All those years
of source code availability did nothing to make this software secure.

> Supplying an object file and saying "trust us" doesn't cut it. This
> isn't a question of Open Source theology, it is good design practice for
> a security critical system.

The historical record, as compared to your fictitious experience, shows
that source code availability has virtually no correlation to security
and reliability.  The only way to get good, secure designs is to have
experts do a serious review.  This is what Intel is done, and this is
what Linux has not done, although Schneier and his people have begun
some initial reviews (which have not been at all favorable).

Any objective comparison between the quality of the Intel RNG and that
of /dev/random can lead to only one conclusion: that the Intel RNG is
by far the superior design.  All the Open Source mantras in the world
won't change that.


home help back first fref pref prev next nref lref last post