[117730] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Build a better OTP?

daemon@ATHENA.MIT.EDU (Anonymous)
Thu Sep 9 14:39:55 1999

Date: Thu, 9 Sep 1999 20:24:03 +0200 (CEST)
Message-Id: <199909091824.UAA17065@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@cyberpass.net
Reply-To: Anonymous <nobody@replay.com>

>   >> [...RNG whitening code...]
>
>   > Well, putting it on the chip sure ain't the right place.
>
> Why do you say that?  It seems like it has a lot in common with
> the microcode I write for PowerPC devices here at Motorola.  

Because it's too damn big!  We're talking something like SHA-1 here,
at least that's what they use in the library.  It has 512 bits of input,
160 bits of state variables, and 80 iterations involving four different
kinds of transformations.

The RNG currently consists of two thermal resistors, two oscillators,
and the simple state machine to detect 1-0 and 0-1 transitions.  The
state machine itself is about half the total area of the RNG circuit.
Adding SHA-1 is going to make it at least ten times bigger.  The whole
RNG circuit is crammed into the edges of the bus control chip.  There is
simply no room for SHA-1 on that chip.

In the face of these engineering realities, what is the argument for
putting the whitening on the chip?  It is fundamentally ideological.
We have the ideological allegiance to open source software, the
ideological distrust of big business as providers of secure technology,
the ideological paranoia which leads Rabbit Wombat to stick with 486
class technology.

The facts remain that open source has never been a source of security,
that big business has good reason to produce trustworthy parts and
mechanisms to do so, and that paranoia must be tempered with realism.

The risks of intentional backdoors are no worse with the Intel RNG than
with many other hardware and software components we use all the time.
The design is strong, and the mechanisms in place to detect accidental
failures are extensive and appropriate, according to the independent
review.  A company like Intel can achieve market penetration of their RNG
technology beyond anything imaginable for any add-on board.  This is by
far the best approach for getting secure, reliable random numbers into
the maximum number of systems.


home help back first fref pref prev next nref lref last post