[cryptography] Intel RNG
Thor Lancelot Simon
tls at panix.com
Tue Jun 19 09:17:57 EDT 2012
On Mon, Jun 18, 2012 at 09:58:59PM -0700, coderman wrote:
> this is very useful to have in some configurations (not just testing).
> for example: a user space entropy daemon consuming raw, biased,
> un-whitened, full throughput bits of lower entropy density which is
> run through sanity checks, entropy estimates, and other vetting before
> mixing/obscuring state, and feeding into host or application entropy
Sanity checks, entropy estimates, and other vetting *which the output
of a DRBG keyed in a known way by your adversary will pass without
a hint of trouble*.
It seems to me the only reason you'd benefit from access to the raw
source would be if you believed Intel might have goofed the sanity
checks. For my part, I am happy to rely on CRI's assurance that Intel's
sanity checks are good.
The only defense against a deliberately compromised hardware RNG is to
mix it with something else.
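The point made above, as an added example that is not part of the original thread: a generator keyed in a way the adversary knows passes the kind of sanity checks an entropy daemon would run, yet every bit of it is predictable, while mixing in an independent source removes the predictability. The HMAC-SHA256 counter DRBG, the key and the "second-key"/"biased" streams are all constructed for illustration and have nothing to do with Intel's actual design.

```python
import hmac, hashlib, math, os
from collections import Counter

def keyed_drbg(key: bytes, nbytes: int) -> bytes:
    """Constructed DRBG: HMAC-SHA256(key, counter) blocks; whoever holds key reproduces it."""
    out, ctr = bytearray(), 0
    while len(out) < nbytes:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:nbytes])

def bits(data: bytes) -> list:
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]

def monobit_ok(data: bytes) -> bool:
    """Frequency test in the style of NIST SP 800-22 2.1, at the 0.1% level."""
    s = sum(2 * b - 1 for b in bits(data))
    return abs(s) / math.sqrt(8 * len(data)) < 3.29

def runs_ok(data: bytes) -> bool:
    """Runs test in the style of NIST SP 800-22 2.3, at the 0.1% level."""
    bs = bits(data); n = len(bs); pi = sum(bs) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return False
    v = 1 + sum(bs[i] != bs[i + 1] for i in range(n - 1))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi)) / (2 * math.sqrt(2 * n) * pi * (1 - pi))) >= 0.001

def byte_entropy(data: bytes) -> float:
    """Shannon estimate in bits per byte, the figure an entropy daemon typically reports."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def sanity_checks_pass(data: bytes) -> bool:
    return monobit_ok(data) and runs_ok(data) and byte_entropy(data) > 7.9

def xor_mix(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def demo(n: int = 32768) -> dict:
    key = b"constructed key the adversary is assumed to know"  # constructed value
    raw = keyed_drbg(key, n)                                 # stands in for the hardware output
    biased = bytes(a & b for a, b in zip(raw, keyed_drbg(b"second-key", n)))  # ~25% ones
    guess = keyed_drbg(key, n)                               # the adversary's prediction
    mixed = xor_mix(raw, os.urandom(n))                      # mixed with an independent source
    return {
        "biased_passes": sanity_checks_pass(biased),  # False: the checks do catch a biased source
        "raw_passes": sanity_checks_pass(raw),        # True: a keyed DRBG looks perfect to them
        "raw_predicted": guess == raw,                # True: yet the adversary knows every bit
        "mixed_passes": sanity_checks_pass(mixed),    # True
        "mixed_predicted": guess == mixed,            # False: mixing is what defeats the guess
    }
```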