hypothetical microcode based attack on linux random number generator

I haven't heard of anyone else articulating this particular hypothetical attack on random number generation as done on Linux. The gist of it is that the way the Linux kernel mixes in RDRAND outputs into the random number generator algorithm's output makes it possible for the latter to be weakened/substituted. A weakened random number generator can be used to undermine the cryptographic software that secures everything from Internet traffic to files stored safely at home: this part is established fact & practice.

This particular vulnerability exists because of a few factors:

  • LKML's attraction to performance & simplicity over certain types of robustness & expertise, and
  • our acceptance of opaque software that can change the operation of our computers for better or for worse, and
  • a legal regime, such as the one in the US, that enables a government to force Intel or other companies to include such backdoors and tell nobody.
The former is a matter of educating developers. The second is a matter of educating the world about the value of openness in their computing systems. The last is a matter of tyranny politics. My hope is that the first two can trump the last.

UPDATE: Here's a thread on HN with almost the same idea. A few folks at this thread got the same idea.
fche Friday 18 October 2013 - 06:11 am | ΒΆ | tech

One comment


Update: http://www.metzdowd.com/pipermail/crypto.. appears to defend against this hypothetical attack.

Frank, - 20-12-’13 16:36
(optional field)
(optional field)
To prevent automated comment-spam we require you to answer this silly question.
Remember personal info?
Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.