RE: TPMs and random numbers

From: Johnston, DJ
Date: Wed Sep 11 2013 - 18:09:12 EST

>-----Original Message-----
>From: Andy Lutomirski [mailto:luto@xxxxxxxxxxxxxx]

>A TPM that has an excellent internal entropy source and is FIPS 140-2 compliant with no bugs whatsoever may still use Dual_EC_DRBG, which looks increasingly likely to be actively malicious.

You can look up the FIPS certification to see which algorithms were approved. The Dual_EC_DRBG always looked suspect to me, which is one reason why it wasn't used in RdRand. The other is that the core crypto function doesn't do dual duty as an entropy extractor like AES hardware does with AES-CBC-MAC and AES-CTR-DRBG.

DJ

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
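The dual duty DJ describes for the AES hardware, conditioning raw entropy with AES-CBC-MAC and then producing output with AES-CTR-DRBG, shown as an added Go example. This is not code from the thread and not Intel's RdRand implementation: the conditioner key and the biased raw samples are constructed for illustration, and the DRBG is a minimal SP 800-90A CTR_DRBG (AES-128, no derivation function, no reseeding or prediction resistance), so it shows the structure rather than a certifiable implementation.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// AES block size, and CTR_DRBG seedlen for AES-128 with no derivation function (keylen + blocklen).
const blockLen, seedLen = 16, 32
// Fixed, non-secret conditioner key. The value is an assumption of this example, not a vendor constant.
var conditionerKey = []byte("example-cond-key")

// aesCipher wraps aes.NewCipher; every key in this file is 16 bytes, so an error is a programming bug.
func aesCipher(key []byte) cipher.Block {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return blk
}

// cbcMacCondition compresses raw, possibly biased samples into one 128-bit block with AES-CBC-MAC
// (zero IV), a vetted SP 800-90B conditioning component. len(raw) must be a non-zero multiple of 16.
func cbcMacCondition(raw []byte) ([]byte, error) {
	if len(raw) == 0 || len(raw)%blockLen != 0 {
		return nil, fmt.Errorf("raw length %d is not a positive multiple of %d", len(raw), blockLen)
	}
	blk := aesCipher(conditionerKey)
	mac := make([]byte, blockLen) // zero IV
	for off := 0; off < len(raw); off += blockLen {
		for j := range mac {
			mac[j] ^= raw[off+j]
		}
		blk.Encrypt(mac, mac) // CBC chaining: XOR the block in, then encrypt
	}
	return mac, nil
}

// ctrDRBG is a minimal SP 800-90A CTR_DRBG: AES-128, no derivation function, no reseed handling.
type ctrDRBG struct{ key, v []byte } // 16-byte AES key and 16-byte counter block

// incr adds one to a big-endian counter block in place, wrapping mod 2^128.
func incr(v []byte) {
	for i := len(v) - 1; i >= 0; i-- {
		v[i]++
		if v[i] != 0 {
			return
		}
	}
}

// keystream returns n bytes of AES-CTR output under the current Key, advancing V.
func (d *ctrDRBG) keystream(n int) []byte {
	blk := aesCipher(d.key)
	out := make([]byte, 0, n+blockLen)
	block := make([]byte, blockLen)
	for len(out) < n {
		incr(d.v)
		blk.Encrypt(block, d.v)
		out = append(out, block...)
	}
	return out[:n]
}

// update is CTR_DRBG_Update: seedLen bytes of keystream XOR providedData become the new (Key, V).
func (d *ctrDRBG) update(providedData []byte) {
	temp := d.keystream(seedLen)
	for i := range temp {
		temp[i] ^= providedData[i]
	}
	d.key, d.v = temp[:blockLen], temp[blockLen:]
}

// newCTRDRBG instantiates from seedLen bytes of conditioned entropy, starting from Key = V = 0.
func newCTRDRBG(entropyInput []byte) (*ctrDRBG, error) {
	if len(entropyInput) != seedLen {
		return nil, fmt.Errorf("entropy input must be %d bytes, got %d", seedLen, len(entropyInput))
	}
	d := &ctrDRBG{key: make([]byte, blockLen), v: make([]byte, blockLen)}
	d.update(entropyInput)
	return d, nil
}

// generate returns n output bytes, then updates with zeros so earlier output cannot be recovered from the new state.
func (d *ctrDRBG) generate(n int) []byte {
	out := d.keystream(n)
	d.update(make([]byte, seedLen))
	return out
}

func main() {
	// Constructed, heavily biased raw samples standing in for raw TRNG output.
	a, _ := cbcMacCondition(bytes.Repeat([]byte{0x00, 0x01}, 32))
	b, _ := cbcMacCondition(bytes.Repeat([]byte{0x00, 0x03}, 32))
	d, _ := newCTRDRBG(append(a, b...))
	fmt.Printf("%x\n", d.generate(32))
}
```

Running it prints 32 hex bytes. The point is that one AES block cipher drives both the extractor (CBC-MAC over raw samples) and the generator (CTR mode plus the update step), which is the dual duty the message refers to and which an elliptic-curve point multiplication in Dual_EC_DRBG could not provide. Sample sizes, health tests and reseed cadence of the real hardware are not modelled here.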