Use of TPM chip for RNG?

| On 7/3/06, Leichter, Jerry <leichter_jerroldemc.com> wrote:
| > You're damned if you do and damned if you don't. 
Would you want to use
a
| > hardware RNG that was *not* inside a tamper-proof
package - i.e., inside
| > of a package that allows someone to tamper with it?
| 
| Yes.  If someone has physical access to your equipment,
they could
| compromise it.  On the other hand, if you have access to
it, you can
| establish a baseline and check it for changes.
This assumes an odd definition of
"tamper-proof":  I can't look inside,
but the bad guys can change it without my knowing.  There
are such
things around - all too many of them; your typical Windows
PC, for
most people, is a great examplar of the class - but no  one
describes
them as "tamper-proof". 
"Tamper-proof" means that *no one* can change
the thing.  Obviously, this is a matter of degree, and
"tamper-resistant"
is a much better description.  But there are devices
considered
"tamper-resistent" against very well-funded,
very technologically
adept adversaries.

|						 I recall the book
| titled "Computer Security" by Carroll
suggested taking polaroids of
| all your equipment, and from each window, and other even
more paranoid
| things....
which is yet another issue, that of tamper-evident design. 
If your
design isn't tamper-evident - which again is a matter of
degree -
it's unlikely your pictures will do you much good against
even a
moderately sophisticated attacker.  With physical access and
no
tamper evidence, a couple of minutes with a USB stick is all
that's
necessary to insert some rather nasty code, which you have
little
hope of detecting, whether by physical or software means.

							-- Jerry


------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com