[cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

ianG iang at iang.org
Fri Jul 12 15:29:49 EDT 2013


On 12/07/13 21:54 PM, Patrick Mylund Nielsen wrote:
> On Fri, Jul 12, 2013 at 2:48 PM, James A. Donald <jamesd at echeque.com
> <mailto:jamesd at echeque.com>> wrote:
>
>     On 2013-07-13 12:20 AM, Eugen Leitl wrote:
>
>         It's worth noting that the maintainer of record (me) for the
>         Linux RNG quit the project about two years ago precisely because
>         Linus decided to include a patch from Intel to allow their
>         unauditable RdRand to bypass the entropy pool over my strenuous
>         objections.
>
>
>     Is there a plausible rationale for bypassing the entropy pool?
>
>
> Throughput? Not bypassing means having to wait until enough randomness
> has been gathered from trusted sources.


Typically, the entropy pool is used to feed a PRNG.  Throughput isn't 
really an issue because modern PRNGs are fast, and there are very few 
applications that require psuedo-RNs at that sort of speed.


> Or maybe it's just trusting Intel and assuming that RDRAND provides
> better randomness.


This thread has been seen before.  On-chip RNGs are auditable but not 
verifiable by the general public.  So the audit can be done then 
bypassed.  Which in essence means the on-chip RNGs are mostly suitable 
for mixing into the entropy pool.

Not to mention, Intel have been in bed with the NSA for the longest 
time.  Secret areas on the chip, pop instructions, microcode and all 
that ...  A more interesting question is whether the non-USA competitors 
are also similarly friendly.



iang



More information about the cryptography mailing list