<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<title>OneRNG - Hardware Random Number Generator</title>
<link rel="stylesheet" href="/onerng.css" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<body>
<div class="page">
<div class="header">
<h1><span class="onerng"><a href="/index.html">OneRNG</a></span></h1>
<h2><a href="/index.html">Open Hardware Random Number Generator</a></h2>
<p><span class='onerngbg'>OneRNG</span> is a reliable and Open <em>verifiable</em> USB-connected hardware entropy source & random number generator.</p>
<script type="text/javascript" src="/diceimg.js"></script>
</div>
<div id="content">
<h3>On Trust and Distrust</h3>
<h4>Distrust is easy</h4>
<p>
We seem to be making a major claim that you need to place an unusual level of trust in
your RNG or Entropy source, because it is a critical piece of infrastructure for your security
and privacy.
</p>
<p>
Certainly in 2013 we discovered that the NSA at least had been involved in large-scale
attacks against the use of cryptography, and in some cases in the very design of some of
the crypto systems themselves. But does this mean that we should <em>really</em> be worried?
</p>
<p>
If your RNG has been compromised, attackers know how you create all of your "secret"
keys, and therefore know how to read all of your communications. The NSA paid RSA US$10 million
to get them to use a compromised RNG by default in their BSAFE product, so
we know that an unsafe RNG is worth real money to the right buyer.
You don't have to believe me; you can read it all on
<a href="http://en.wikipedia.org/wiki/RSA_BSAFE">the Wikipedia page</a>.
<span class="citation">[citation needed]</span>
</p>
<h4>But can you verify things?</h4>
<p>
Intel have built an RNG into their recent chips, referred to by the name of the
CPU instruction that invokes it, RdRand. This is a well-designed subsystem
that promises to produce relatively large quantities of high-quality randomness.
The promises it makes are so far ahead of the general OS state of the art of
collecting limited hardware entropy that several people have advocated simply
bypassing all of the operating system's PRNG work and using Intel's RNG directly
all the time.
</p>
<p>
And then the NSA documents leaked by Edward Snowden were released, stating:
<blockquote>the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, [...] by working with chipmakers to insert back doors</blockquote>
and the obvious question was raised: what if this referred to Intel, one of the
world's largest chipmakers?
</p>
<p>
After all, even though Intel have shown us how RdRand works, there is no way to
verify that the chips you have in your servers actually contain that circuit,
or that it is actually being used by the CPU when you ask for data, or that the
software whitening stage is really being done the way you need.
</p>
<p>
And this is why the <span class='onerngbg'>OneRNG</span> strives to earn your trust by being <em>verifiable</em>.
We have built a simple system that you can visually inspect, with components that
can't be hiding any additional malicious software; and in any case, you can inject
your own software instead if you prefer!
</p>
<h4>Is it plausible?</h4>
<p>
On the other side of the coin, would an attacker really gain significant value in the
general case, by compromising your RNG? Your software can and should test
the output of the RNG systems to detect this sort of thing.
And there are huge numbers of potential attack points all
over your system that will <em>also</em> compromise your secure communications;
with the advantage that many of these other attacks have actually been seen in the wild,
multiple times, and really do work.
</p>
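<p>As an added example of the kind of output testing the paragraph above recommends (not OneRNG's own code), the following implements the two continuous health tests from NIST SP 800-90B over a byte stream; the min-entropy claim H_MIN and the three sample streams are assumptions constructed for the demonstration. Note that a plain counter passes both tests: they detect a stuck or heavily biased source, not well-whitened but structured output.</p>

```python
"""Continuous health tests for a raw entropy source, modelled on the
Repetition Count Test (RCT) and Adaptive Proportion Test (APT) of
NIST SP 800-90B.  Added example for this page, not OneRNG's own code;
H_MIN is an assumed min-entropy claim and all streams are constructed."""
import math

ALPHA = 2.0 ** -20   # per-test false-alarm probability used by SP 800-90B
WINDOW = 512         # APT window size for non-binary (byte) sources
H_MIN = 7.0          # assumed min-entropy claim, bits per output byte

def rct_cutoff(h_min=H_MIN):
    """RCT cutoff 1 + ceil(-log2(alpha)/H): a byte repeating this many times
    in a row is too unlikely for a source with H bits of min-entropy."""
    return 1 + math.ceil(-math.log2(ALPHA) / h_min)

def apt_cutoff(h_min=H_MIN, window=WINDOW):
    """APT cutoff: smallest C with P(X >= C) <= alpha, X ~ Binomial(window, 2^-H),
    found by walking the exact binomial upper tail downwards."""
    p = 2.0 ** -h_min
    tail = 1.0                    # P(X >= c) for the current c
    for c in range(window + 1):
        if tail <= ALPHA:
            return c
        tail -= math.comb(window, c) * p ** c * (1 - p) ** (window - c)
    return window + 1             # not reached for realistic H

def first_failure(samples, h_min=H_MIN):
    """Scan a byte stream; return ("RCT", i) or ("APT", i) at the first sample
    that trips a test, or None if the whole stream passes."""
    rct_c, apt_c = rct_cutoff(h_min), apt_cutoff(h_min)
    last, run = None, 0           # RCT state: current byte and its run length
    ref, count = None, 0          # APT state: window reference byte and its count
    for i, b in enumerate(samples):
        run = run + 1 if b == last else 1
        last = b
        if run >= rct_c:
            return ("RCT", i)
        if i % WINDOW == 0:       # new window: its first byte is the reference
            ref, count = b, 0
        if b == ref:
            count += 1
        if count >= apt_c:
            return ("APT", i)
    return None

# Constructed streams.  A plain counter passes both tests, which shows their
# limit: they catch stuck or heavily biased sources, not structured output.
COUNTER = bytes(range(256)) * 16                 # passes -> None
STUCK = b"\x00" * 64                             # RCT trips at index 3
BIASED = bytes(0x41 if i % 4 == 0 else 0x42 + i % 100 for i in range(2048))
```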
<p>
This is summed up well by Adi Shamir's 2002 quote,
<em>"Cryptography is typically bypassed, not penetrated"</em>.
</p>
<p>
And the other part of the question - if your communications have been compromised,
but that compromise is by an agency such as the NSA, should you really be concerned?
Are they actually an entity that you should be defending against?
</p>
<h4>Imponderables</h4>
<p>
We don't have an answer to those questions for you, and in fact we can't, because it
is <em>your</em> responsibility. All we have to do is to give you an extra option;
the option to have an independent hardware entropy source that you can verify to
a high standard, and ultimately to trust.
</p>
</div>
<div class="footer">
<h3><hr/></h3>
<div class="CC">
<p><a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img alt="Creative Commons License, BY-SA" src="/img/CCBYSA-88x31.png"/></a>
<span xmlns:dct="http://purl.org/dc/terms/" href="http://purl.org/dc/dcmitype/Text" property="dct:title" rel="dct:type">The OneRNG.info website</span> by <a xmlns:cc="http://creativecommons.org/ns#" href="http://onerng.info/" property="cc:attributionName" rel="cc:attributionURL">Jim Cheetham</a> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International License</a>.</p>
<p style="clear: left;">Website copyright © 2019 Jim Cheetham, jim@inode.co.nz;
Pictures copyright © 2014, 2015, 2016 Jim Cheetham and/or Paul Campbell;
Icons copyright various;
see <a href="https://github.com/OneRNG/onerng.github.io">website source</a>
on <a href="https://github.com/">GitHub</a> for details.</p>
</div>
</div>
</body>
</html>