Re: use of RDRAND in $random_library
On Fri, Jun 13, 2014 at 06:51:44PM +0000, Jacob Appelbaum wrote:
> I would expect that if the NSA wanted to take control of the RDRAND or
> the rest of the CPU, they'd dynamically update the microcode in the
> CPU to change how it behaves. To do this, it appears that they'd need
> to sign a microcode and then apply an update.....
The Intel CPU doesn't support a persistent microcode update. A
microcode update has to be uploaded after each power cycle. That
means that a microcode hack would require that you break root first.
And if you can break root, you can just bugger the kernel or one or
more of the userspace binaries. That's going to be as detectable as
leaving an extra firmware file in /lib/firmware/intel-ucode.
I've long considered that there are so many zero-day exploits that if
the NSA decides to carry out a focused attack on a single machine, or
machines belonging to a single person, there is a very high
probability they can do whatever they want. And this isn't a new
problem; even before the days of computers, things like "black bag jobs"
were always a thing.
So I'm personally much more concerned about bulk surveillance, whether
it involves passive surveillance using fiber taps, or trojans
introduced into distribution-provided binaries. Other people may have
their own personal sense of paranoia, but that's mine. I happen to
think mine corresponds more with reality, but I'm sure Keith Alexander
and James Clapper would try to claim that I should be wearing tin foil
hats or something. :-)
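The detection point made above (an Intel microcode update is not persistent, so an implanted one has to be re-applied from a file the kernel loads after every boot, and on Linux that file lives in /lib/firmware/intel-ucode) can be turned into a concrete check. The script below is an added example, not code from this thread or from any project: it works out which intel-ucode file the running CPU would be served (the loader names them family-model-stepping, two hex digits each, e.g. 06-3a-09), reports the microcode revision the CPU currently advertises in /proc/cpuinfo, and compares every file in the directory against a manifest of sha256 digests recorded from a clean install, flagging files that are absent from the manifest (the "extra file" case) or whose digest has changed. The manifest format, the function names and the sample cpuinfo/firmware data are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Audits the directory the Linux
# kernel loads Intel microcode updates from against a known-good manifest.
# Manifest format, helper names and sample data are assumptions of this example.

# Derive the intel-ucode file name for the first CPU listed in a
# /proc/cpuinfo-style file: family-model-stepping as two lowercase hex digits.
ucode_name_from_cpuinfo() {
    awk -F': *' '
        /^cpu family[ \t]*:/ && f == "" { f = $2 }
        /^model[ \t]*:/      && m == "" { m = $2 }   # not "model name"
        /^stepping[ \t]*:/   && s == "" { s = $2 }
        END { printf "%02x-%02x-%02x\n", f, m, s }
    ' "$1"
}

# Distinct microcode revisions the CPUs report as currently loaded.
loaded_microcode_revisions() {
    awk -F': *' '/^microcode[ \t]*:/ { print $2 }' "$1" | sort -u
}

# Compare every file in DIR against MANIFEST (lines of "<sha256>  <path>", as
# written by sha256sum on a clean system). Prints one line per file and
# returns 1 if any file is missing from the manifest or has a different digest.
check_intel_ucode() {
    dir=$1; manifest=$2; cpuinfo=$3
    want=$(ucode_name_from_cpuinfo "$cpuinfo")
    echo "cpu would load: $dir/$want (loaded revision(s): $(loaded_microcode_revisions "$cpuinfo" | tr '\n' ' '))"
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue            # empty directory leaves the glob literal
        base=${f##*/}
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        # Look the file up in the manifest by basename.
        expect=$(awk -v b="$base" '{ n = split($2, p, "/"); if (p[n] == b) print $1 }' "$manifest")
        if [ -z "$expect" ]; then
            echo "EXTRA    $base sha256=$sum (not in manifest)"; rc=1
        elif [ "$sum" != "$expect" ]; then
            echo "MISMATCH $base sha256=$sum expected=$expect"; rc=1
        else
            echo "OK       $base"
        fi
    done
    return $rc
}

# Constructed sample data (not a real system): a cpuinfo for family 6,
# model 58, stepping 9, plus two firmware files and a manifest taken while clean.
make_sample() {
    root=$(mktemp -d)
    mkdir "$root/intel-ucode"
    printf 'processor\t: 0\ncpu family\t: 6\nmodel\t\t: 58\nmodel name\t: Example CPU\nstepping\t: 9\nmicrocode\t: 0x1c\n' > "$root/cpuinfo"
    printf 'genuine-ucode-blob\n' > "$root/intel-ucode/06-3a-09"
    printf 'other-model-blob\n'   > "$root/intel-ucode/06-3c-03"
    sha256sum "$root"/intel-ucode/* > "$root/manifest"
    echo "$root"
}

# Stand-alone demonstration: a clean check, then the same check after an
# extra file has been dropped next to the genuine one.
demo() {
    root=$(make_sample)
    check_intel_ucode "$root/intel-ucode" "$root/manifest" "$root/cpuinfo"
    echo "--- after adding a stray file ---"
    printf 'stray\n' > "$root/intel-ucode/06-3a-0a"
    check_intel_ucode "$root/intel-ucode" "$root/manifest" "$root/cpuinfo" || echo "check failed (rc=$?)"
    rm -rf "$root"
}
demo
```

On a real host, record the manifest right after installing the distribution's microcode package and keep it off the machine, then run the check against /lib/firmware/intel-ucode and /proc/cpuinfo from trusted media, since an attacker who already has root can also edit the checker. Two caveats: distributions ship files for many CPU models, so the manifest, not the file count, is the baseline; and kernels that load microcode early from the initramfs have a second place where an update can be staged, which this script does not inspect.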