[Cryptech Core] two presos

Joachim Strömbergson joachim at secworks.se
Sun Dec 14 20:54:17 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Randy Bush wrote:
> i will be singing at verisign on tuesday.  i have o separated hsm
> from tool-chain as we seem to have done so o i have stolen some stuff
> from joachim and otherwise hacked on the hsm preso
> 
> https://archive.psg.com/141216.verisign-cryptech.pdf

Slide 11: "later allow". Something missing. Later possible ASIC
implementation or something perhaps.

Slide 26: If you want to emphasize state in the TRNG you could also add
a loop within the mixer to illustrate that we don't restart the mixer,
but instead treat the entropy as part of a very long message from which
we extract digests after each new block is added. And that we need
digests from two consecutive blocks (thus 2kbit entropy) to reseed
the CSPRNG. Unless that is way too much detail.

Slide 33: Should we perhaps remove "MD5" from the blue layer?


> https://archive.psg.com/141216.verisign-pwned.pdf

Regarding finding a 486. Another option that might be worth mentioning
is that there are other x86 cpu vendors (Via, AMD) as well as other ISAs
(ARM, Tizen, MIPS, RISC-V, OpenRISC, SPARC/LEON). Some implementations
of them might be suspect, but probably not by the same actor. Some of
them are open source (spec and implementation) and we could build some
trust by not only doing Wheeler-compilation, but also using multiple ISAs,
at least for testing.

HDL is normally an abbreviation for "Hardware Description Language".

I would also add that there exists no open toolchain from Verilog source
to FPGA bitstream. Sooner rather than later you end up in the vendor
black box.


Glad to see the turtles. ;-)


Good presos, I might steal some of it back. ;-)

- -- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
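A small model of the mixer behaviour discussed under slide 26, added here as an illustration and not code from the Cryptech project or the presentation: SHA-512 is assumed as the mixer hash, the input block size is assumed to be 1024 bits, and the CSPRNG seed is taken to be the two most recent digests (2kbit of entropy in, 1024 bits of seed out).

```python
import hashlib

# Assumptions for this model (not taken from the Cryptech design documents):
BLOCK_BITS = 1024                 # one mixer input block of raw entropy
BLOCK_BYTES = BLOCK_BITS // 8
DIGEST_BYTES = 64                 # SHA-512 output length


class Mixer:
    """Mixer that is never restarted.

    All entropy ever fed in is treated as one very long message. After each
    full block has been absorbed, a digest of the message-so-far is read out
    from a copy of the running state; the state itself keeps going.
    """

    def __init__(self):
        self._state = hashlib.sha512()   # running hash state, never reset
        self._pending = b""              # bytes not yet forming a full block
        self.digests = []                # one digest per absorbed block

    def feed(self, entropy: bytes) -> int:
        """Absorb entropy; return the number of digests produced so far."""
        self._pending += entropy
        while len(self._pending) >= BLOCK_BYTES:
            block = self._pending[:BLOCK_BYTES]
            self._pending = self._pending[BLOCK_BYTES:]
            self._state.update(block)    # continue the long message
            # Digest of everything absorbed so far, without disturbing state.
            self.digests.append(self._state.copy().digest())
        return len(self.digests)

    def reseed_material(self):
        """Seed for the CSPRNG: the two most recent consecutive digests.

        Returns None until two full blocks (2kbit of entropy) have been mixed.
        """
        if len(self.digests) < 2:
            return None
        return self.digests[-2] + self.digests[-1]   # 1024 bits


def demo() -> dict:
    """Constructed input: two distinct 1kbit blocks plus a partial block."""
    m = Mixer()
    block1 = bytes([0xA5]) * BLOCK_BYTES
    block2 = bytes([0x3C]) * BLOCK_BYTES
    after_first = m.feed(block1)          # 1 digest, not enough to reseed
    after_second = m.feed(block2)         # 2 digests, reseed possible
    after_partial = m.feed(b"\x00" * 10)  # partial block: no new digest
    return {"digests": (after_first, after_second, after_partial),
            "seed": m.reseed_material(), "mixer": m}
```

Because the state carries over, the second digest is SHA-512 of both blocks together, not of the second block alone; a mixer that restarted per block would lose that dependence on earlier entropy.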


