Tweet
Can't Intel / AMD simply document what they made? And someone can possibly verify it.
-
-
It's pretty hard to verify as long as it is inside an IC and the only interface to operate it is a CPU instruction, as you have 0 access to the actual hardware doing the work, it's all behind a screen.Originally posted by shmerl View Post
If they implemented it in some external module over some normal interface then yeah you could verify it.
Like (and here comes the shilling) the ChaosKey, a off-the-shelf ubiquitous microcontroller running a opensource firmware that is basically just taking measurements of the noise generated by a dumb electronic circuit that is also open hardware, and sending the entropy over USB 1.1 connection to the system.Comment
-
The only way to boot my system right now (Sandy Bridge) is to install rng-tools and enable the jitter entropy source.Comment
-
Wait a second.
Why does hashtable generation require a random seed? Are the hash functions modified every boot? If yes, what is the purpose of this, and why is it so security relevant that making it use only good quality random numbers is even an option?Comment
-
Even if they fully documented exactly what their hardware does, how would anyone know that the info released actually matches what the hardware in silicon is doing? Anyone could have messed with the design at the factory and introduced a flaw... On top of which, there are open software encryption implementations like Speck which anyone can look at, and try to find flaws in, and nobody can - yet lots of people still think there's a flaw in there somewhere and people just haven't found it yet. It's an extremely complex field and experts in it are few and far between.Originally posted by shmerl View Post
The bottom line is you have to either make a choice to choose to trust them, or not. It's impossible to prove a negative.Comment
-
If you know the seed of an hashmap, you can DOS it by making it save objects in the least optimal way. This is also quite dangerous for web services.Originally posted by soulsource View Post
That said, it's a rather weak attack here. Most people definitely don't need to worry
Last edited by treba; 26 August 2018, 03:28 PM.Comment
-
you are unable to think. this entire process of you trying to think could be completely removed and absolutely nobody would notice, It is utterly unnecessaryOriginally posted by duby229 View Post
Comment
-
no, in reality it shouldn't be that, reality is completely different. that parameter is function parameter and that function with that parameter existed before. when high quality was not required and randomness was not available from kernel that function returned error. now it tries to use rdrand and then prng.Originally posted by cybertraveler View PostLast edited by pal666; 26 August 2018, 11:06 PM.Comment
-
if you have any say on what keys go to this container. like if you are authoring service files, but then you could dos your system anywayOriginally posted by treba View Post
Comment
-
hashtables degenerate into lists if you put keys with same hash value there. so be smart and use something better like rbtreesOriginally posted by soulsource View PostComment
Comment