[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say
Nico Williams
nico at cryptonector.com
Fri Dec 13 14:02:27 EST 2013
On Fri, Dec 13, 2013 at 01:24:21PM -0500, John Kelsey wrote:
> Why not just XOR RD_RAND outputs with Yarrow outputs? That guarantees
> strong results if either one is good.
Yes, to reprise the /dev/*random robustness thread, we need as many
inputs to the CSPRNG as possible. Heck, even a constant seed and a seed
saved from the previous boot. As long as the PRNG is cryptographically
secure and at least one source of boot-time (and subsequent) entropy is
predictable by would-be attackers, this should be good enough.
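The XOR combiner John Kelsey proposes and the many-source seeding Nico describes, as an added example that is not part of the original thread and is not FreeBSD, Yarrow or RDRAND code. It assumes SHA-256 to fold labelled sources into one seed and HMAC-SHA256 in counter mode as a stand-in generator; every input value is constructed for the demonstration.

```python
"""Combining several entropy sources into one CSPRNG seed.

Added illustration only. The 'rdrand', 'yarrow', 'constant' and
'saved_seed' values are constructed; nothing here reads real hardware.
"""
import hashlib
import hmac
import os


def xor_combine(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length RNG outputs.

    If either input is uniformly random and independent of the other,
    the result is uniformly random, which is the property the thread
    relies on: a predictable source can only be as harmful as a constant.
    """
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def mix_sources(sources: dict) -> bytes:
    """Fold every labelled source into a 32-byte seed with SHA-256.

    Label and length prefixes make the encoding unambiguous, so that
    {'a': b'ab', 'b': b'c'} and {'a': b'a', 'b': b'bc'} hash differently.
    Sorting the labels makes the result independent of insertion order.
    """
    h = hashlib.sha256()
    for name in sorted(sources):
        data = sources[name]
        h.update(len(name).to_bytes(2, "big") + name.encode())
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


def csprng_stream(seed: bytes, nbytes: int) -> bytes:
    """Deterministic output from a seed: HMAC-SHA256 in counter mode.

    Stand-in for the generator half of Yarrow/Fortuna (assumption: any
    secure PRF keyed by the seed would serve the same purpose here).
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def demo():
    """Seed with several sources of which only one is unknown to the attacker.

    Returns (stream the system actually produces, stream an attacker who
    knows every other input and guesses the unknown one as zeros would
    predict). The two differ, which is the whole point of mixing.
    """
    known = {
        "constant": bytes(32),                          # compiled-in constant
        "saved_seed": bytes.fromhex("00112233" * 8),    # constructed, on-disk seed
        "rdrand": bytes.fromhex("deadbeef" * 8),        # constructed; assume attacker knows it
    }
    unknown = os.urandom(32)  # the one source the attacker cannot observe
    real_seed = mix_sources({**known, "yarrow": unknown})
    guessed_seed = mix_sources({**known, "yarrow": bytes(32)})
    return csprng_stream(real_seed, 64), csprng_stream(guessed_seed, 64)


if __name__ == "__main__":
    real, guessed = demo()
    print("system output :", real.hex()[:32], "...")
    print("attacker guess:", guessed.hex()[:32], "...")
```

Plain XOR is the right combiner when the two outputs are independent of each other, which is the case Kelsey has in mind. It is not safe when one party can observe the other source's output before choosing its own, because an adaptively chosen input can cancel the good one; folding everything through a hash with length-prefixed labels, as `mix_sources` does, removes that avenue and also accepts any number of sources of any length, which is what the "as many inputs as possible" approach needs.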