On 12/07/13 21:54 PM, Patrick Mylund Nielsen wrote:
On Fri, Jul 12, 2013 at 2:48 PM, James A. Donald <jam...@echeque.com
<mailto:jam...@echeque.com>> wrote:
On 2013-07-13 12:20 AM, Eugen Leitl wrote:
It's worth noting that the maintainer of record (me) for the
Linux RNG quit the project about two years ago precisely because
Linus decided to include a patch from Intel to allow their
unauditable RdRand to bypass the entropy pool over my strenuous
objections.
Is there a plausible rationale for bypassing the entropy pool?
Throughput? Not bypassing means having to wait until enough randomness
has been gathered from trusted sources.
Typically, the entropy pool is used to feed a PRNG. Throughput isn't
really an issue because modern PRNGs are fast, and there are very few
applications that require pseudo-RNs at that sort of speed.
Or maybe it's just trusting Intel and assuming that RDRAND provides
better randomness.
This thread has been seen before. On-chip RNGs are auditable but not
verifiable by the general public. So the audit can be done then
bypassed. Which in essence means the on-chip RNGs are mostly suitable
for mixing into the entropy pool.
Not to mention, Intel have been in bed with the NSA for the longest
time. Secret areas on the chip, pop instructions, microcode and all
that ... A more interesting question is whether the non-USA competitors
are also similarly friendly.
iang
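An added illustration of the mixing-versus-bypass distinction made in this thread (not code from any participant, and not the Linux kernel's pool): a toy hash-based pool in which a hardware RNG is one input among others, compared with handing its output straight to the consumer. The seeds and the "backdoored" hardware value are constructed.

```python
import hashlib

# Constructed toy model, not Linux's implementation. A hardware RNG whose
# output is known to (or chosen by) an attacker is fed to both designs.
BACKDOORED_HW = b"\x42" * 32


class EntropyPool:
    """Hash-based pool: every source is folded into the state, never a replacement."""

    def __init__(self, trusted_seed: bytes) -> None:
        # trusted_seed stands in for entropy gathered from interrupts, disk timing, etc.
        self.state = hashlib.sha256(b"init" + trusted_seed).digest()

    def mix_in(self, data: bytes) -> None:
        # New state depends on the old state AND the input, so controlling
        # `data` alone does not let an attacker set or predict the state.
        self.state = hashlib.sha256(b"mix" + self.state + data).digest()

    def extract(self, n: int = 32) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()[:n]
        self.state = hashlib.sha256(b"step" + self.state).digest()  # advance
        return out


def bypass_design(hw_output: bytes) -> bytes:
    """Bypass: hardware RNG output goes directly to the consumer."""
    return hw_output


def mixing_design(trusted_seed: bytes, hw_output: bytes) -> bytes:
    """Mixing: the same hardware output is just one more input to the pool."""
    pool = EntropyPool(trusted_seed)
    pool.mix_in(hw_output)
    return pool.extract()


def compare_designs(seed_a: bytes, seed_b: bytes, hw_output: bytes = BACKDOORED_HW) -> dict:
    """Two machines with different local entropy see the same predictable HW output."""
    mixed_a = mixing_design(seed_a, hw_output)
    mixed_b = mixing_design(seed_b, hw_output)
    return {
        # bypass: every machine emits exactly the attacker-known value
        "bypass_predictable": bypass_design(hw_output) == hw_output,
        # mixing: the HW output alone no longer determines what either machine emits
        "mixed_identical": mixed_a == mixed_b,
        "mixed_equals_hw": mixed_a == hw_output,
    }


if __name__ == "__main__":
    print(compare_designs(b"machine-a-timings", b"machine-b-timings"))
```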
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography