tech-crypto archive


Re: Lightweight support for instruction RNGs



On Tue, Dec 22, 2015 at 10:50:37AM -0800, Alistair Crooks wrote:
> Yeah, we keep coming back to this assumption that nothing can go
> wrong with the random output in userland because it is passed through
> whitening filters on its way. The analysis of the recent Juniper
> backdoor should give you an idea of why relying on that kind of
> reasoning is unsound - Juniper had multiple levels of whitening in
> their product, and have still had to go through a particularly
> embarrassing episode. It's worrying to me that we've had to bolt the
> stable door once already in this area.

The paragraph above would seem to reveal that you either don't understand
what happened to Juniper, that you don't understand the actual content
of the patch I asked people to look at (I'm just going to come straight
out and ask: did you read it, either after commenting or before?), or
both.

You do understand that the test you're thumping your fist about *would not
actually have failed if run against the Juniper product*, right?

Would you propose that the world would be better off if Juniper had run
Dieharder a bunch of times against their compromised RNG, so they'd felt
really sure they were right when they were in fact still wrong?

Thor
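The point Thor makes above, that a Dieharder-style run would not have flagged the Juniper RNG, can be shown concretely: output statistics measure distribution, not unpredictability. The following is an added illustration, not code from the thread or from any vendor product. It assumes a constructed generator (HMAC-SHA256 in counter mode over a seed) standing in for a "whitened" RNG, a constructed constant `VENDOR_KNOWN_SEED` standing in for a seed that some party other than the user can reconstruct, and two simplified statistical checks (a monobit z-score and a byte-frequency chi-square) standing in for a full Dieharder battery.

```python
import hashlib
import hmac
import math
import os
from collections import Counter

# Constructed stand-in for a "whitened" RNG: HMAC-SHA256 in counter mode.
# The whitening makes the output look uniform no matter where the seed came from.
def keystream(seed: bytes, nbytes: int) -> bytes:
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += hmac.new(seed, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:nbytes])

# Constructed constant: a seed that is fixed in the design and therefore
# reproducible by anyone who knows it (the user does not). Hypothetical value.
VENDOR_KNOWN_SEED = b"constructed-example-seed-do-not-use"

# Simplified frequency (monobit) test: z-score of the ones count.
def monobit_z(data: bytes) -> float:
    ones = sum(bin(b).count("1") for b in data)
    n = len(data) * 8
    return (2 * ones - n) / math.sqrt(n)

# Simplified byte-frequency chi-square against a uniform distribution (255 d.f.).
def chi_square_bytes(data: bytes) -> float:
    counts = Counter(data)
    expected = len(data) / 256
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

# A Dieharder-like verdict: "looks random" if neither statistic is extreme.
# Thresholds are deliberately lenient (roughly a 1-in-10000 false-alarm rate).
def looks_random(data: bytes) -> bool:
    return abs(monobit_z(data)) < 4.5 and chi_square_bytes(data) < 360

# What a party holding the seed can do after seeing `observed_len` bytes:
# reproduce the generator state and emit the next `n` bytes before they appear.
def predict_future(seed: bytes, observed_len: int, n: int) -> bytes:
    return keystream(seed, observed_len + n)[observed_len:]

def demo(nbytes: int = 65536) -> dict:
    # Stream 1: seed reproducible by a third party (the Juniper-style situation).
    compromised = keystream(VENDOR_KNOWN_SEED, nbytes)
    # Stream 2: seed genuinely secret to this process.
    honest = keystream(os.urandom(32), nbytes)
    # The third party's prediction of what the compromised device emits next.
    actual_next = keystream(VENDOR_KNOWN_SEED, nbytes + 32)[nbytes:]
    return {
        "compromised_passes_stats": looks_random(compromised),
        "honest_passes_stats": looks_random(honest),
        "next_32_bytes_predicted": predict_future(VENDOR_KNOWN_SEED, nbytes, 32) == actual_next,
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Both streams pass the statistical checks, and the one with the reconstructible seed is fully predictable to whoever holds that seed. The audit that catches this case is a review of where the seed and any fixed constants come from and who can reproduce them, not a larger battery of output tests.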

