In a Reddit Ask Me Anything last Wednesday, Intel CEO Brian Krzanich opened the floor for questions, but notably ignored the most popular one in the thread: in light of recent NSA revelations, what will the company do to assure that its chips don't contain a backdoor for the NSA? <\/p>\n
While Kzarnich never answered any of the security-related questions--Intel PR says this is because the questions came late and Kzarnich either missed them entirely or couldnt reply in time--one Redditor, Bardfinn, responded at length on the issue of encryption and security. <\/p>\n
Bardfinns real name is Steve Akins, and in an email correspondence he describes his interest in cryptography and Internet security as personal and societal\/political. But hes quite literate on the subject. <\/p>\n
Its an immense problem for the layman, Akins says. Cryptography is difficult to use, touches many parts of our lives, and has not become significantly less difficult in the past 30 years In our tablets and smartphones, and the networks they connect to, cryptography is handled for us by the manufacturers. We never see it, never interact with it, and in many cases *cannot* interact with it. Were placing an immense amount of trust in the cryptography of manufacturers, Akins argues, and therefore were effectively trusting them not to peek. <\/p>\n
Of course, everyone cant be a skilled cryptographer, and since absolute security isnt really possible, there will always have to be some element of trust involved between manufacturers and everyday people--but Akins believes that trust needs to be verifiable, mitigated, and distributed: <\/p>\n
The problem isn't that we have to trust a black box in our personal devices. The problem is that we have to trust that one black box, and many black boxes on the Internet (or cellular network) which may or may not be as secure as the black box in our devices, and the ones in our computers and the ones in the networks interoperate at the lowest common denominator, and they all probably have back doors (which makes it really hard to actually trust them), and the ones on the Internet are highly targetable by the bored kids, criminals, etc: Bad Actors. <\/p>\n
To understand the root cause of this concern, and what can be done about it, it helps to have some understanding of how your computer goes about encrypting things to ensure that prying eyes dont see what you dont want them to see. For your computer to lock your data up tight and send it on its way, it relies on something that computers are in reality quite bad at: randomness. <\/p>\n
Random numbers are a necessity for building secure systems, as theyre the only way to make sure your encryption key stays secure. However, generating random numbers can be extraordinarily difficult, especially with software. Programs and computers are run by logic and if-then conditionals--asking them to pull numbers out of thin air without a prescribed formula is the sort of simple thing human minds can do that trip up computers. We call that predictability entropy. The higher your entropy, the harder it is to crack your encryption. <\/p>\n
Since its so hard to come up with a software solution that adequately generates random numbers with high entropy for encryption, its become possible to mitigate that by turning to your computers processor. Which is where Intel comes in. <\/p>\n
Ever since the company launched its Ivy Bridge line of processors in May of 2012, its included what it calls Secure Key technology for the purpose of random number generation. It is, essentially, a black box--an opaque system built for a specific purpose (random number generation) but with little to no insight as to how it actually accomplishes it. <\/p>\n
<\/p>\n