tech-security archive


Re: Lightweight support for instruction RNGs



On Tue, Dec 22, 2015 at 12:22:57PM -0500, Greg Troxel wrote:
> 
> I am only dimly following this, but I have two thoughts:
> 
>   I see the point that running randomness tests will not detect a
>   well-engineered attack.  But it probably will detect a large class of
>   implementation bugs, so it seems worth doing.

If you do such a test on the final output to userspace, it cannot catch
any implementation bug in any stage of the machinery prior to the CTR_DRBG.

Since there were no changes to the CTR_DRBG (or the driver that reads
its output) the proposed test cannot actually detect any implementation
bug that could have happened in the code I posted.

Running tests that one knows cannot actually find bugs is not a practice
I am eager to engage in.  In fact, when I catch developers writing "tests"
like that rather than real unit or regression tests, I generally give them
hell.

Thor
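The point Thor makes above, that a statistical test on the DRBG's final output says nothing about the stages feeding it, can be shown concretely. The following is an added example and is not code from this thread or from the code under discussion; it uses SHA-256 in counter mode as a stand-in for the CTR_DRBG (an assumption, chosen so the example runs with the Python standard library), a constructed "stuck" entropy source that always returns zero, and the SP 800-22 monobit test as the output-only check. The repetition-count cutoff of 8 is likewise a constructed value, not one taken from any standard's tables.

```python
import hashlib
import math
import struct


def drbg_stream(seed: bytes, nbytes: int) -> bytes:
    """Stand-in DRBG (assumed, not the thread's CTR_DRBG): SHA-256(seed || counter).

    Like CTR_DRBG it is a deterministic expander: its output looks
    statistically fine regardless of how bad the seed was.
    """
    out = bytearray()
    for ctr in range((nbytes + 31) // 32):
        out += hashlib.sha256(seed + struct.pack(">Q", ctr)).digest()
    return bytes(out[:nbytes])


def monobit_pvalue(data: bytes) -> float:
    """SP 800-22 frequency (monobit) test, applied to the final output."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def output_test_passes(data: bytes, alpha: float = 0.01) -> bool:
    """The output-only check the thread argues against."""
    return monobit_pvalue(data) >= alpha


def repetition_count_test(samples: list, cutoff: int = 8) -> bool:
    """SP 800-90B-style health test on the *source* samples.

    Returns False (unhealthy) if any value repeats `cutoff` or more times
    in a row. The cutoff here is a constructed value for illustration.
    """
    run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def stuck_source(n: int) -> list:
    """Constructed upstream bug: every read of the hardware RNG returns 0."""
    return [0] * n


def seed_from_source(samples: list) -> bytes:
    """Condition raw samples into a seed (hashing does not add entropy)."""
    return hashlib.sha256(bytes(samples)).digest()


def scenario(alpha: float = 0.01) -> dict:
    """Two machines, both seeded from the same stuck source."""
    samples = stuck_source(64)
    seed = seed_from_source(samples)
    machine_a = drbg_stream(seed, 1 << 16)
    machine_b = drbg_stream(seed, 1 << 16)
    return {
        # Passes: the output "looks random" even though the seed had no entropy.
        "output_test_passes": output_test_passes(machine_a, alpha),
        # Fails: a test placed at the source sees the stuck reads immediately.
        "source_test_passes": repetition_count_test(samples),
        # The actual damage: every machine derives the same stream (same keys).
        "identical_across_machines": machine_a == machine_b,
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

The output-only test passes on both machines while a health test at the entropy source fails, and the two machines produce byte-identical streams; a test that only examines what reaches userspace has no way to observe either of the last two facts.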

