Search Mailing List Archives
[liberationtech] Heml.is - "The Beautiful & Secure Messenger"
mpm at selenic.com
Thu Jul 11 15:34:48 PDT 2013
On Thu, 2013-07-11 at 13:47 -0700, Andy Isaacson wrote:
> > Linux now also uses a closed RdRand  RNG if available.
> There was a bunch of churn when this code went in, so I could be wrong,
> but I believe that RdRand is only used to stir the same entropy pool as
> all of the other inputs which are used to generate random data for
> /dev/random et al. It's hard to leverage control of one input to a
> random pool into anything useful.
It's worth noting that the maintainer of record (me) for the Linux RNG
quit the project about two years ago precisely because Linus decided to
include a patch from Intel to allow their unauditable RdRand to bypass
the entropy pool over my strenuous objections.
>From a quick skim of current sources, much of that has recently been
rolled back (/dev/random, notably) but kernel-internal entropy users
like sequence numbers and address-space randomization appear to still be
exposed to raw RdRand output.
(And in the meantime, my distrust of Intel's crypto has moved from
"standard professional paranoia" to "actual legitimate concern".)
Mathematics is the supreme nostalgia of our time.
More information about the liberationtech