[cryptography] [liberationtech] Random number generation being influenced - rumors

Jon Callas jon at callas.org
Mon Sep 9 09:08:06 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sep 8, 2013, at 10:10 PM, coderman <coderman at gmail.com> wrote:

> and so forth and so on, to no effect.  the lines have been drawn, and
> nothing will convince Intel to release raw access to the entropy
> source.

I have to disagree with you. Lots of us have told Intel that we really need to see the raw bits, and lots of us have gotten informal feedback that we'll see that in a future chip.

In the meantime, don't use it if you don't like it!

Better, however, would be to continue using whatever software RNG you're using, and reseed it with whatever you're doing now and throw an RDRAND reading in. It won't hurt anything no matter how badly it's broken and helps against any number of things. Heck, I've done that with TPM RNGs that I knew were of limited quality.

Once Intel better documents the RNG and we have ways to look at the entropy source, then we might use it more. Until then, it's somewhere between a toy and a curiosity.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFSLcg1sTedWZOD3gYRAqbnAJ9uqS5CONA5vWYheiTrsE5C5BDXGgCeM/l/
qprr/56jYSuasPBWiRdqDHs=
=HEOP
-----END PGP SIGNATURE-----


More information about the cryptography mailing list