[...] RDRAND is still available to user space applications.
There's a discussion going around the internet about Intel possibly
backdooring Linux with RdRand.
Two years ago Linus overrode a decision by the maintainer of /dev/random and
made a decision to include a patch by Intel which would make Linux rely
blindly on output from RdRand (an
Also take a look at this
I believe it is, but not as the sole source; it is added to the mix. This way
apparently it doesn't matter if it isn't perfectly random.
This is the important point here. If it's the sole source of entropy, that's
when it becomes a security risk. As long as it's being mixed with something
else, it's pretty safe imo.
Maybe there should be (if there isn't already) a piece of code that disables
RdRand when no other source of entropy is available, to ensure that it's
never used as the sole source of entropy.
There already is. It's the nordrand parameter to the kernel.
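A small model of the argument made above (that a hardware RNG is harmless as an additional input but dangerous as the sole source), as an added example that is not from the thread or from the Linux kernel; the `mix` function is a simplified hash-based mixer, not the kernel's actual construction, and the "secret pool" value is constructed for the demonstration:

```python
import hashlib
from collections import Counter


def mix(pool_secret: bytes, hw_output: bytes) -> bytes:
    """Simplified mixer (assumption, not the kernel's code): hash the secret
    pool state together with the hardware RNG output."""
    return hashlib.sha256(pool_secret + hw_output).digest()


def xor_stays_uniform(hw_byte: int) -> bool:
    """For any fixed, even adversarially chosen, hardware byte, XOR with a
    uniformly distributed pool byte hits every output byte exactly once:
    the pool's entropy is preserved no matter how bad the hardware value is."""
    counts = Counter(p ^ hw_byte for p in range(256))
    return len(counts) == 256 and all(c == 1 for c in counts.values())


def attacker_predicts(pool_secret: bytes, hw_output: bytes) -> bool:
    """An attacker who knows the hardware output (the backdoor scenario) but
    not the pool guesses the final output assuming nothing else was mixed in.
    Returns True only when that guess is right, i.e. when the hardware RNG
    really was the sole source."""
    guess = mix(b"", hw_output)
    return guess == mix(pool_secret, hw_output)


# Constructed values for the demonstration.
SECRET_POOL = b"constructed-pool-state-not-known-to-attacker"
HW_OUTPUT = b"\x11" * 8  # hardware value the attacker is assumed to know

if __name__ == "__main__":
    print("XOR keeps pool uniform:", xor_stays_uniform(0xAB))
    print("sole source predictable:", attacker_predicts(b"", HW_OUTPUT))
    print("mixed source predictable:", attacker_predicts(SECRET_POOL, HW_OUTPUT))
```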
Hey! Not fair! I spent a week out of here and you guys already go on
conspiracy theories without me? =P
LOL
Ok, seriously now, this is the kind of thing that makes me think free
software only, free software only! Lol. Even so, and as this is an example
of, free software does not mean that