>-----Original Message-----
>From: Andy Lutomirski [mailto:[email protected]]
>
>A TPM that has an excellent internal entropy source and is FIPS 140-2
>compliant with no bugs whatsoever may still use Dual_EC_DRBG, which looks
>increasingly likely to be actively malicious.

You can look up the FIPS certification to see which algorithms were approved.

The Dual_EC_DRBG always looked suspect to me, which is one reason why it
wasn't used in RdRand. The other is that the core crypto function doesn't
do dual duty as an entropy extractor like AES hardware does with
AES-CBC-MAC and AES-CTR-DRBG.

DJ
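Added example, not from this thread and not Intel's DRNG implementation: a Python model of the "dual duty" arrangement DJ describes, in which one AES block function serves both as the entropy conditioner (an AES-CBC-MAC over raw samples, SP 800-90B style) and as the output generator (SP 800-90A CTR_DRBG with AES-128 and no derivation function). The fixed conditioner key `CONDITIONER_KEY`, the raw sample bytes, the two-block seeding in `seed_from_raw` and the reseed policy are constructed stand-ins, not details taken from the page or from any hardware. AES-128 is written out in pure Python so the block runs offline; a Dual_EC_DRBG core, by contrast, would need a separate conditioner in front of it.

```python
# Added example (not from this thread and not Intel's DRNG code): one AES block
# function doing double duty as entropy conditioner (AES-CBC-MAC) and as output
# generator (SP 800-90A CTR_DRBG, AES-128, no derivation function).  Pure-Python
# AES-128 so it runs offline; conditioner key and raw samples are constructed.
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _xtime(a):                      # multiply by x in GF(2^8), polynomial 0x11B
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def _build_sbox():                  # GF(2^8) inverse followed by the affine map
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)        # rotl by 0..4
        sbox[p] = ((x ^ (x >> 8)) ^ 0x63) & 0xFF
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox
SBOX = _build_sbox()

def _expand_key(key):               # 11 round keys as column-major 16-byte lists
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= RCON[i // 4 - 1]
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                 # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]       # ShiftRows
        if rnd < 10:                                             # MixColumns
            out = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                t = a0 ^ a1 ^ a2 ^ a3
                out += [a0 ^ t ^ _xtime(a0 ^ a1), a1 ^ t ^ _xtime(a1 ^ a2),
                        a2 ^ t ^ _xtime(a2 ^ a3), a3 ^ t ^ _xtime(a3 ^ a0)]
            s = out
        s = [b ^ k for b, k in zip(s, rk[rnd])]                  # AddRoundKey
    return bytes(s)

def cbc_mac_condition(key, raw):
    # Conditioner: CBC-MAC of raw samples under a fixed key, squeezing many
    # partially random bytes into one 16-byte block; a trailing partial block is dropped.
    mac = bytes(16)
    for i in range(0, len(raw) - len(raw) % 16, 16):
        mac = aes128_encrypt_block(key, bytes(a ^ b for a, b in zip(mac, raw[i:i + 16])))
    return mac

def _inc128(v):
    return ((int.from_bytes(v, "big") + 1) % (1 << 128)).to_bytes(16, "big")

class CtrDrbgAes128:
    # SP 800-90A CTR_DRBG with AES-128 and no derivation function: seedlen = 32 bytes.
    SEEDLEN = 32
    def __init__(self, seed_material):
        self.key = self.v = bytes(16)
        self._update(seed_material)

    def _update(self, provided):                # CTR_DRBG_Update
        assert len(provided) == self.SEEDLEN
        temp = b""
        while len(temp) < self.SEEDLEN:
            self.v = _inc128(self.v)
            temp += aes128_encrypt_block(self.key, self.v)
        temp = bytes(a ^ b for a, b in zip(temp[:self.SEEDLEN], provided))
        self.key, self.v = temp[:16], temp[16:]
    reseed = _update                            # reseed = Update with fresh conditioned bits

    def generate(self, nbytes):
        out = b""
        while len(out) < nbytes:
            self.v = _inc128(self.v)
            out += aes128_encrypt_block(self.key, self.v)
        self._update(bytes(self.SEEDLEN))       # post-generate Update, zero additional input
        return out[:nbytes]

CONDITIONER_KEY = bytes(range(16))             # constructed; not any real hardware key

def seed_from_raw(raw_a, raw_b):               # two conditioned blocks = 32 seed bytes
    return cbc_mac_condition(CONDITIONER_KEY, raw_a) + cbc_mac_condition(CONDITIONER_KEY, raw_b)

def drng_output(raw_a, raw_b, nbytes=32):      # raw -> conditioner -> DRBG -> output
    return CtrDrbgAes128(seed_from_raw(raw_a, raw_b)).generate(nbytes)
```

Both paths call the same `aes128_encrypt_block`: `cbc_mac_condition` chains it in CBC-MAC mode over the raw samples, and `CtrDrbgAes128` runs it in counter mode for both `_update` and `generate`. The post-generate `_update` call is the SP 800-90A step that gives backtracking resistance; `reseed` is just `_update` fed a freshly conditioned 32-byte seed.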

