It is really, really hard for me to see this as anything other than utter paranoia. As one of the messages in the thread stated:<p>> Right. How exactly would you backdoor an RNG so (a) it could be effectively used by the NSA when they needed it (e.g. to recover Tor keys), (b) not affect the security of massive amounts of infrastructure, and (c) be so totally undetectable that there'd be no risk of it causing a s<i></i>tstorm that makes the $0.5B FDIV bug seem like small change (not to mention the legal issues, since this one would have been inserted deliberately, so we're probably talking bet-the-company amounts of liability there).
The comments about RdRand being impossible to verify because it's on-chip seem quite reasonable. (Although Intel have tried to be quite open about how it works. <a href="https://sites.google.com/site/intelrdrand/references" rel="nofollow">https://sites.google.com/site/intelrdrand/references</a>)<p>I have no idea if RdRand is the <i>only</i> source of entropy for /dev/urandom in the kernel these days but that does seem quite silly. Especially as RdRand is documented as having two error conditions, not enough entropy, and that the hardware appears to be broken.<p>In any case, here's the LKML thread where it was merged too <a href="http://thread.gmane.org/gmane.linux.kernel/1173350" rel="nofollow">http://thread.gmane.org/gmane.linux.kernel/1173350</a>
If the NSA is working with Intel, they're not going to bother with an RNG... The processor is the most trusted part of the computer security model - why would you choose bad random numbers as your attack vector?<p>Relevant talk: Hardware Backdooring is Practical - Jonathan Brossard <a href="https://www.youtube.com/watch?v=j9Fw8jwG07g" rel="nofollow">https://www.youtube.com/watch?v=j9Fw8jwG07g</a>
This issue just does not pass the rubber hose test. If the NSA wanted and got a backdoor in intel chips there are so many better ways to do it than introducing a bad hw rng. If you wanted one exploit in the chip, why would you pick a hard to exploit one and user controlled one on top of that? It's classic paranoid thinking: People have a choice to use the hw rng or not. So it becomes a big deal. All the while not addressing the non-choice issue like having a potential backdoor triggered by a specific instruction sequence.
It's safe to assume every core technology company has been compelled to be in bed with the NSA in <i>some</i> form or another. Intel has been anti-trust managed by the government for nearly two decades. Getting access to the monopoly desktop / laptop processor maker would be far too rich a target to ignore.
Would appreciate some sort of a summary. Reading some mile long email exchange just to figure out what the headline is really about makes it kinda tricky.
I upvoted but the current title ("Is Linus Tovalds 'evil'?") is downright horrible and I hope a mod will revert it to the original one soon.
Submitted a question here: <a href="http://crypto.stackexchange.com/q/9210/2512" rel="nofollow">http://crypto.stackexchange.com/q/9210/2512</a><p>Feel free to edit the question if you have anything to add!
Hanlon's razor help in this kind of discussions. Maybe when Linus took that option didn't saw Intel as something that would intentionally make predictable its RNG for following government orders, and just choose to not reimplement the wheel where it was already available.<p>Would he take another option since last month? Maybe in the light of this he could take back that choice.
Did anybody look @ <a href="http://leitl.org/" rel="nofollow">http://leitl.org/</a><p>This email could just as easily be the musings of an insane person, which is what's suggested by the contents of the website.
One reason it would be a poor decision for the NSA to recommend Intel backdoor the RNG: Intel would be in a position to sell/leak the backdoor secret to other governments.<p>The NSA would have no way of blocking it from being used to attack the US. And you can't roll out a hotfix for billions of CPUs worldwide.
Doesn't the NSA end up using these machines as well? It seems like a lot of work to introduce a flaw that you have work around for you own use later. And if it's a hardware flawu, I doubt even the NSA could demand intel or amd manyfacture seperate batches for their own use.