Intel to also add RNG

Perry E. Metzger perry at piermont.com
Mon Jul 12 09:22:51 PDT 2010


On Tue, 13 Jul 2010 03:58:51 +1200 Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Ben Laurie <benl at google.com> writes:
> >On 2 July 2010 13:19, Eugen Leitl <eugen at leitl.org> wrote:
> >>
> >>http://www.technologyreview.com/printer_friendly_article.aspx?id=25670&channel=Briefings&section=Microprocessors
> >>
> >>Tuesday, June 29, 2010
> >>
> >>Nanoscale Random Number Circuit to Secure Future Chips
> >>
> >>Intel unveils a circuit that can pump out truly random numbers at
> >>high speed.
> >
> >Have they forgotten the enormous amount of suspicion last time
> >they tried this?
> 
> You mean rampant paranoia from a small group of people... if you
> are genuinely worried about this, just use it as another input to
> mix into your entropy pool (which you should be doing anyway, never
> trust a single source of entropy). I'd be quite happy to use the
> RNG on a Loongson CPU (if there was one) in this manner, let alone
> an Intel CPU.
> 
> What killed it wasn't paranoia about Intel but their almost total
> lack of interest in supporting it once the initial media attention
> waned.  This doesn't look any different, note that it's not saying
> "This will be in Core2's starting August" but "We've done this in
> the lab".

It is disturbing to me that people oppose this so much.

For a lot of applications -- servers run in isolation, networking
equipment, etc. -- having hardware RNGs available is a really big win,
because there is no good local source of randomness. (We had a long
discussion of ways to mitigate this some time ago.) Plugging in an
external unit is not going to happen in practice. If it isn't nearly
free and built in, it won't be used.

I would suggest that in most cases, you are better off with a very
very mildly untrusted but ubiquitous hardware RNG than with the kinds
of kludges to get random numbers on unattended hardware we end up with
in the real world.

BTW, let me note that if Intel wanted to gimmick their chips to make
them untrustworthy, there is very little you could do about it. The
literature makes it clear at this point that short of carefully
tearing apart and analyzing the entire chip, you're not going to catch
subtle behavioral changes designed to allow attackers backdoor
access. Given that, I see little reason not to trust them on an RNG,
and I wish they would make it a standard part of the architecture
already.


Perry
-- 
Perry E. Metzger		perry at piermont.com





More information about the cypherpunks-legacy mailing list