[cryptography] [liberationtech] Random number generator failure in Rasperri Pis?

David Johnston dj at deadhat.com
Fri Jul 19 21:34:24 EDT 2013

On 7/19/2013 3:26 PM, Nico Williams wrote:
> The rpi's HW RNG is almost certainly better than many /dev/*random
> implementations running as VM guests.  How much real business is
> getting transacted on VMs nowadays?  Probably a lot.
This probably sounds like a plug for my employer, which it isn't, but 
the RdRand instruction was done the way it was done to punch through the 
VM and deliver random numbers directly to the running application, 
bypassing all those layers of software. Unfortunately VMs came first, so 
there's an entropy gap on servers that should be addressed. You still 
trust the VM not to meddle with it, but if you don't trust the VM, you 
have bigger problems.

I have no reason to doubt the rpi's RNG (I have a clue about its circuit 
structure) but I also know that if it matters, you should probably do 
some testing of the random numbers before you trust the source, because 
no one else is testing it for you.

More information about the cryptography mailing list