[117638] in Cypherpunks
Re: Build a better OTP?
daemon@ATHENA.MIT.EDU (William H. Geiger III)
Tue Sep 7 18:56:31 1999
Date: Tue, 7 Sep 1999 18:37:05 -0400
Message-Id: <199909072236.SAA13689@domains.invweb.net>
From: "William H. Geiger III" <whgiii@openpgp.net>
To: Multiple recipients of list <cypherpunks@openpgp.net>
Reply-To: "William H. Geiger III" <whgiii@openpgp.net>
In <199909072020.WAA22641@mail.replay.com>, on 09/07/99
at 10:20 PM, Anonymous <nobody@replay.com> said:
>> Well it would be a rather tempting target for them to compromise. What's
>> Intel's market share, 80-90%? And if you can get nearly all the crypto
>> software running on those systems all using the same RNG? Even better yet
>> one that has not, and most likely will not, be peer reviewed?
>But it has been peer reviewed, by what is probably the single group of
>people most qualified and most expert in this area, Paul Kocher and his
>associates at Cryptography Research.
Sorry but, with no disrespect to Paul & Ben, what they did is *not* peer
review.
>> I have not talked to Ben or Paul but from Lucky's post:
>>
>> "Anyway, what Ben and Paul analyzed were the design assumptions, the
>> design, and data provided to them by Intel."
>>
>> It would seem to me that they didn't do any actual testing of the RNG!!
>It would? Well, perhaps you should not rely so heavily on what Lucky
>says. Perhaps you should ask Paul and Ben, or, hey, here's a thought,
>perhaps you should even read the report! It clearly states, in section
>4, that Cryptography Research performed their own series of tests.
Perhaps *you* should re-read section 4:
"... we have analyzed Intel's design assumptions, design, and testing
procedures, as well as performed statistical tests on RNG output data.
For this review, Cryptography Research performed a series of tests and
evaluated the results of experiments performed by Intel. Raw data and
design specifications for the analysis were provided by Intel."
It clearly states that the specifications and raw data came directly from
Intel. They did no actual testing of the RNG!!
>> It reminds me of a while back when I noticed a trend of crypto programmers
>> switching to the use of /dev/random on the *nix platforms. I decided to
>> look into it and see what analysis had been done of the program as I was
>> interested in using it for a project. To my surprise very little review
>> had been done at all (actually no formal papers had been written on it).
>> After bringing it to the attention to the FreeWan group and others an
>> intense discussion ensued (actually it's still going on). It got people
>> interested in analyzing the program, weaknesses were found when used in
>> certain environments, and the author has produced a couple of updates to
>> the code to address some of the issues raised.
>The difference is that /dev/random had not been subjected to any review,
>but the Intel design has. And the CR reviewers are the best in the
>field. If they were to look at /dev/random you can be sure they would
>have shot it so full of holes it would look like /dev/swisscheese.
>> The thought of the majority of crypto dependent on an untested and
>> untrustworthy RNG is very scary.
[ad hominem attacks sniped]
Your continued ad hominem attacks are very droll. Either you can address
the security concerns involved here or you can not, so far you have not.
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
---------------------------------------------------------------