On Fri, Jul 25, 2014 at 11:24 AM, Rob Doyle
<radioengr at gmail.com> wrote:
It has been widely speculated (and supported by
the Snowden documents) that
the NSA can defeat the Intel random number generator (and therefore any
crypto based on that RNG) with a microcode patch.
Based on what's been leaked so far, the NSA seems to prefer to modify
products after they leave the manufacturer's control, rather than have
the manufacturer complicit, presumably in order to reduce the number
of people who are aware of the alteration. It's certainly possible
that the NSA installs custom microcode updates in the BIOS of machines
they modify. In the case of x86 CPUs, they might have sufficient
motivation to get their modifications into the standard vendor
microcode update releases.
I would expect that if they do that at all, they put in modifications
far beyond just compromising the RNG. A huge percentage of x86 CPUs
are used to run a relatively limited number of NT, MacOS, or RHEL
kernels, so it seems possible that malicious microcode could recognize
certain kernel addresses or instruction sequences and introduce
exploitable bugs that can never be found in the kernel source code or
even by disassembly of the object code.
This might be a point in favor of RISC processors, which typically
don't have any microcode, let alone a microcode patch area. It's not
impossible that such a back door might be present in a RISC processor,
but it would have to be designed in from the outset, not installed
I'm going to go put on my tin foil hat [*] now, and watch the new
Weird Al video "FOIL" again.
* I have it on good authority that only true tin foil is usable to
block the mind control rays, and that's why you can't buy actual tin
foil at the supermarket, only aluminum foil.
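The practical consequence of Rob's first paragraph, shown as an added example that is not code from either poster: never let RDRAND be the sole input to a key or nonce; treat it as one untrusted source and combine it with an independent one so that a backdoored (or simply stuck) hardware RNG cannot reduce the output below the quality of the other source. Everything below is an assumption for illustration rather than anything the thread specifies: the function names, the XOR-combining rule, reading /dev/urandom as the second source, the "all words identical" stuck-output heuristic, and the use of the GCC/clang `__get_cpuid` and `_rdrand64_step` intrinsics. On a non-x86-64 build the RDRAND path compiles to a stub that reports the source as unavailable.

```c
/* Added example: combine the CPU hardware RNG with an independent source.
 * All names and the /dev/urandom fallback are assumptions for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__)
#include <cpuid.h>
#include <immintrin.h>
#endif

#define BLOCK 32 /* bytes sampled from each source */

#if defined(__x86_64__)
/* CPUID.1:ECX bit 30 advertises RDRAND; executing it without the check
 * would raise #UD on older CPUs. */
static int cpu_has_rdrand(void) {
    unsigned a = 0, b = 0, c = 0, d = 0;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return 0;
    return (c >> 30) & 1u;
}
/* RDRAND signals "no data yet" with CF=0; retry a bounded number of times. */
__attribute__((target("rdrnd")))
static int rdrand64(uint64_t *out) {
    unsigned long long v;
    for (int tries = 0; tries < 10; tries++) {
        if (_rdrand64_step(&v)) { *out = v; return 1; }
    }
    return 0;
}
#else
static int cpu_has_rdrand(void) { return 0; }
static int rdrand64(uint64_t *out) { (void)out; return 0; }
#endif

/* Fill one block from RDRAND; 0 means "source unavailable", not an error. */
static int fill_rdrand(uint8_t block[BLOCK]) {
    if (!cpu_has_rdrand()) return 0;
    for (size_t off = 0; off < BLOCK; off += 8) {
        uint64_t v;
        if (!rdrand64(&v)) return 0;
        memcpy(block + off, &v, 8);
    }
    return 1;
}

/* Independent source: the kernel pool via /dev/urandom (assumed present). */
static int fill_urandom(uint8_t block[BLOCK]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t n = fread(block, 1, BLOCK, f);
    fclose(f);
    return n == BLOCK;
}

/* Heuristic sanity check: a block whose 64-bit words are all identical
 * (all-zero, all-ones, or any repeated constant) is contributing nothing. */
static int looks_stuck(const uint8_t block[BLOCK]) {
    uint64_t first, w;
    memcpy(&first, block, 8);
    for (size_t off = 8; off < BLOCK; off += 8) {
        memcpy(&w, block + off, 8);
        if (w != first) return 0;
    }
    return 1;
}

/* XOR-combine: if any one input is uniform and independent of the others,
 * the result is uniform, so a predictable RDRAND cannot weaken it. */
static void xor_into(uint8_t acc[BLOCK], const uint8_t src[BLOCK]) {
    for (size_t i = 0; i < BLOCK; i++) acc[i] ^= src[i];
}

/* Gather from every available, non-stuck source. Returns the source count;
 * a caller should refuse to generate keys when it is 0. */
int gather_entropy(uint8_t out[BLOCK]) {
    uint8_t tmp[BLOCK];
    int used = 0;
    memset(out, 0, BLOCK);
    if (fill_urandom(tmp) && !looks_stuck(tmp)) { xor_into(out, tmp); used++; }
    if (fill_rdrand(tmp) && !looks_stuck(tmp))  { xor_into(out, tmp); used++; }
    return used;
}

int entropy_sources_available(void) {
    uint8_t out[BLOCK];
    return gather_entropy(out);
}

/* Deterministic property checks on the combining and stuck-detection logic. */
int self_check(void) {
    uint8_t ones[BLOCK], varied[BLOCK], acc[BLOCK];
    memset(ones, 0xff, BLOCK);
    for (int i = 0; i < BLOCK; i++) varied[i] = (uint8_t)i;
    if (!looks_stuck(ones) || looks_stuck(varied)) return 0;
    memset(acc, 0, BLOCK);
    xor_into(acc, varied);
    xor_into(acc, ones); /* a constant "backdoored" stream only flips bits */
    for (int i = 0; i < BLOCK; i++) if (acc[i] != (uint8_t)(i ^ 0xff)) return 0;
    return 1;
}

int main(void) {
    uint8_t out[BLOCK];
    int n = gather_entropy(out);
    printf("self_check=%d sources=%d rdrand=%d\n", self_check(), n, cpu_has_rdrand());
    return n > 0 ? 0 : 1;
}
```

The XOR rule is the whole point: it is the same policy the Linux kernel applies when it folds arch_get_random output into its own pool rather than trusting it outright. The stuck-output check is only a coarse heuristic; it catches a source that has failed open to a constant, not one that has been subtly weakened, which is exactly why the combination with an independent source matters more than the check.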