[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say

Nico Williams nico at cryptonector.com
Fri Dec 13 14:02:27 EST 2013


On Fri, Dec 13, 2013 at 01:24:21PM -0500, John Kelsey wrote:
> Why not just XOR RD_RAND outputs with Yarrow outputs?  That guarantees
> strong results if either one is good.

Yes, to reprise the /dev/*random robustness thread, we need as many
inputs to the CSPRNG as possible.  Heck, even a constant seed and a seed
saved from the previous boot.  As long as the PRNG is cryptographically
secure and at least one source of boot-time (and subsequent) entropy is
predictable by would-be attackers, this should be good enough.
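As an added illustration of the combining rule discussed above (not code from the thread or from FreeBSD), here is a small Python model of XOR- and hash-based mixing; the source values are constructed and the function names are mine. The last function shows the caveat a practitioner would want: the "either one is good" guarantee holds only when the inputs are independent.

```python
import hashlib
import secrets


def xor_combine(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length RNG outputs (e.g. RDRAND and Yarrow).

    If either input is uniformly random and independent of the other,
    the XOR is uniformly random, so an attacker-known input costs nothing.
    """
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def hash_combine(*sources: bytes) -> bytes:
    """Fold any number of seed inputs into one 32-byte CSPRNG seed.

    Each input is length-prefixed so the boundaries between inputs are
    unambiguous; a constant seed, a seed saved from the previous boot and
    a hardware RNG output can all be fed in regardless of their quality.
    """
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def independence_caveat(good: bytes) -> bytes:
    """The 'either one is good' guarantee needs independent inputs.

    Model a second source that merely echoes the first XOR a fixed pattern
    (constructed): the combined result collapses to that known pattern.
    """
    known = bytes([0x5A] * len(good))
    dependent = xor_combine(good, known)
    return xor_combine(good, dependent)  # == known, whatever 'good' was


if __name__ == "__main__":
    yarrow = secrets.token_bytes(32)   # stand-in for a good software CSPRNG
    rdrand = bytes(32)                 # constructed worst case: all zeros
    assert xor_combine(yarrow, rdrand) == yarrow
    seed = hash_combine(b"compiled-in constant", bytes(32), yarrow)
    print(seed.hex())
```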
