Re: [PATCH] (0/4) Entropy accounting fixes

Oliver Xymoron (oxymoron@waste.org)
Mon, 16 Sep 2002 20:18:34 -0500


On Mon, Sep 16, 2002 at 03:51:56PM -0700, dean gaudet wrote:
> On Mon, 9 Sep 2002, Oliver Xymoron wrote:
>
> > making the RNG guessable is relatively easy. On the other hand
> > determining whether a given snippet of code is doing RSA, etc. is
> > equivalent to solving the halting problem, so it seems to me pretty
> > damn hard to usefully put this sort of back door into a CPU without
> > sacrificing general-purpose functionality.
>
> while the general problem is certainly halting-problem level of
> complexity, there's a much more simple problem which amounts to string
> matching. the simple problem is "is this a specific portion of openssl /
> cryptoapi / whatever?"
>
> if you consider a technology like transmeta's which only has to
> compile/translate code infrequently (rather than a traditional technology
> with decoders running all the time) then it's pretty easy to see how you
> could use a few cycles to do the string matching.

If you're the compiler, it's pretty damn easy. If you're the CPU
watching the instruction stream generated by an unknown compiler for a
lengthy piece of code with context switches and interrupts going on,
it's back to being nontrivial again. It's simply much easier to
backdoor the RNG.

-- 
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.." 