[cryptography] Which encryption chips are compromised?

[coderman]

On Thu, Dec 12, 2013 at 8:04 AM, Steve Weis <steveweis at gmail.com> wrote:
> ...
> The document is talking about FY2013.  IVB already shipped in 2012. I'd
> guess it was fabricated for testing in 2009-2010 and designed for a few
> years prior.
>
> What enablement would be "complete" in 2013 for something that has been on
> the market a year and is already being phased out?

the bulk of 2012 was consume user hardware.  the endpoint is a totally
solved problem (read: trivial to exploit in many ways, all day, every
day, per the docs)

only server Ivy Bridge: Xeon E3 in mid-2012.

the cores pushed in the SDN initiatives above came out not so many months ago...

high capacity crypto aggregation points like this are an ideal target,
with backdoor keying of VPN/SSL the ideal (passive) attack with their
view of target's long haul fiber.



> By 2013, Intel had already started shipping Haswell. They did launch new IVB
> E5v2 Xeon server processors this fall, but future CPUs will be Haswell and
> Broadwell.
>
> Intel already has the next, next generation Skylake with SGX fabricated for
> testing.

but not released, and "enabling" means tied into X-KEYSCORE,
TRAFFICTHIEF, whatever else gets draped off UPSTREAM...



> I still think the document is talking about a dedicated crypto chip for VPN
> and SSL acceleration devices, just like it says.

the backdoors for all the other vendor hardware happened in years
prior.  HSMs and crypto accelerator gear is not exactly a vibrant or
competitive market.  in fact, these companies never seem to die, just
carry on with decent margins riding on incremental design upgrades
until they're bought out by a larger/growing competitor. ;)


of course, this could be because companies like Sun charge $9,999 for
an HSM/accelerator that is at best a reasonable cost at $1,499...