| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Sep 2013 22:08:45 +0000 From: "Johnston, DJ" <dj.johnston@...el.com> To: Andy Lutomirski <luto@...capital.net>, David Safford <safford@...ibm.com> CC: "H. Peter Anvin" <hpa@...or.com>, Leonidas Da Silva Barbosa <leosilva@...ux.vnet.ibm.com>, Ashley Lai <ashley@...leylai.com>, "Rajiv Andrade" <mail@...jiv.net>, Marcel Selhorst <tpmdd@...horst.net>, Sirrix AG <tpmdd@...rix.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Jeff Garzik <jgarzik@...ox.com>, Ted Ts'o <tytso@....edu>, Kent Yoder <key@...ux.vnet.ibm.com>, David Safford <safford@...son.ibm.com>, Mimi Zohar <zohar@...ibm.com> Subject: RE: TPMs and random numbers >-----Original Message----- >From: Andy Lutomirski [mailto:luto@...capital.net] >A TPM that has an excellent internal entropy source and is FIPS 140-2 compliant with no bugs whatsoever may still use Dual_EC_DRBG, which looks increasingly likely to be actively malicious. You can look up the FIPS certification to see which algorithms were approved. The Dual_EC_DRBG always looked suspect to me, which is one reason why it wasn't used in RdRand. The other is that the core crypto function doesn't do dual duty as an entropy extractor like AES hardware does with AES-CBC-MAC and AES-CTR-DRBG. DJ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists