Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site petrus.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!petrus!karn
From: karn@petrus.UUCP
Newsgroups: net.crypt
Subject: Re: Why no hardware random numbers?
Message-ID: <315@petrus.UUCP>
Date: Fri, 22-Mar-85 17:54:23 EST
Article-I.D.: petrus.315
Posted: Fri Mar 22 17:54:23 1985
Date-Received: Sat, 23-Mar-85 03:39:33 EST
References: <868@utcsri.UUCP> <2139@wateng.UUCP> <1139@hcrvx1.UUCP> <1146@watdcsu.UUCP>
Distribution: net
Organization: Bell Communications Research, Inc
Lines: 28

Intel has just announced a "secure eprom" ("Keprom") which incorporates
a hardware random number generator and encryption to supposedly guard the
ROM against copying. The basic idea is that the ROM cannot be read until
it has completed a two-way cryptographic handshake with another of its
kind. In an actual system, one ROM would be permanently attached to the
system board (potted, say) while the other would be on an optional board
and contain the software to be protected.

Despite Intel's glowing writeups ("46 billion years to try every
combination!"), the scheme seems just as doomed to failure as various
attempts over the years to prevent videotape piracy. The basic problem
is that if I grant a legitimate user access to the information (which
I have to do in order for him to pay me) then there is nothing to prevent
him from recording it. If I can get at the data bus of the machine, I can
copy the ROM in one of two ways:

1. Passively watch the address and data busses of the device as it executes
normally in the machine, recording each location as it appears on the bus.

2. If the microprocessor supports DMA, build a bus peripheral that waits
until the ROM handshake has completed and then grabs the bus to do a
DMA dump to an external device.

Oh yes. Their random number generator has a patent pending. They claim
their statistical tests for random showed it to have "practically ideal
randomness."

Phil