Author

Topic: Linux gets better random generators, but can Intel be trusted? (Read 710 times)

hero member
Activity: 899
Merit: 1002
Well Microsoft hands over bugs to the NSA/FBI freely for them to exploit according to Snowden docs. Much like Bruce Scheneir said these hardware/software backdoors are designed to look like mistakes and incompetence so they can deny they were puposely put in to exploit. Makes you wonder about all those MS bugs and of course Redhat bugs since it's being used for govt servers worldwide. Then again I can only imagine how many multi millions of LOC are in MS kernels they have no hope of debugging properly

Doesn't help that research paper showing a malicious actor can alter chip gates after manufacturing without anybody knowing and then exploit them later to put it in Ring 0 or flip NX bit off. Gonna have to dig out your 90s 386sx and load up openbsd on it to avoid hardware backdoors because probably everything now has one. Break out the punch cards and abacuses
legendary
Activity: 1400
Merit: 1013
2) NSA diddling the chips during manufacture without Intel even knowing by flooding their corp with agent employees.
I wonder how much of Microsoft's reputation for building insecure software is due to this effect.
full member
Activity: 238
Merit: 100
I actually tried to install FreeBSD 10 with encrypted zfs the other day. Unfortunately I could never boot into the new system as it refuses to accept the disk password I type in during boot.
Maybe I should give it another try.
member
Activity: 67
Merit: 10
Another reason that Intel TRNG exists is that it is fast. But not guaranteed to be unpredictable Smiley
hero member
Activity: 899
Merit: 1002
Theodore T'so the guy who maintains /dev/urandom for the Linux kernel talks about this on his google+ page. Some redhat engineers tried to force in direct RDRAND entropy sources and since he doesn't trust Intel he ripped it out. Intel's  TRNG engineer got uppity nobody trusts his microscopic entropy source none of us can test. FreeBSD use yarrow so no idea why this is a big deal to them they wouldn't ever blindly use Intel as a TRNG anyways and neither would OpenBSD.

The reason why Intel TRNG exists in the first place is because of servers with no human interaction. /dev/random might be handing out poor RNG thus RDRAND was created. Due to out of control stasi police state nobody can trust Intel no matter what they say because 1) microscopic TRNG we can't test easily and 2) NSA diddling the chips during manufacture without Intel even knowing by flooding their corp with agent employees.
legendary
Activity: 3430
Merit: 3080
When you say "Linux", you mean "FreeBSD". Which is a different system to Linux. I understand that Linux already uses a software based RNG entropy source.
hero member
Activity: 508
Merit: 500
Scary stuff, anybody has enough knowledge to reassure us ?  Huh
full member
Activity: 238
Merit: 100
After reading this http://www.phoronix.com/scan.php?page=news_item&px=MTU0NDM I get the impression that Intel/VIA is up to no good.
Anyone know what the Intel issue really is?
Jump to: