[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say

Kent Borg kentborg at borg.org
Fri Dec 13 14:37:07 EST 2013


On 12/13/2013 01:24 PM, John Kelsey wrote:
> Why not just XOR RD_RAND outputs with Yarrow outputs?  That guarantees strong results if either one is good.
>

It might make even two bad inputs good. If rdrand has a backdoor it 
still needs to leak state to its master.  XORing in something way noisy 
might be annoying to the masters.

-kb
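As an added illustration, not part of Kent Borg's or John Kelsey's message, the following Python models the XOR combiner Kelsey proposes and checks the property he states ("strong results if either one is good") empirically, using a bit-bias measure over constructed stand-in sources. None of the sources here is RDRAND or Yarrow; `stuck_source`, `biased_source` and `good_source` are deterministic stand-ins chosen so the demo is repeatable, and `dependent_source` is added to show the one assumption the XOR argument rests on: the two inputs must be independent (`random.Random.randbytes` needs Python 3.9 or newer).

```python
import random


def xor_combine(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte streams; the combiner discussed in the thread."""
    if len(a) != len(b):
        raise ValueError("streams must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def bit_bias(stream: bytes) -> float:
    """Fraction of 1 bits in the stream; an unbiased source gives about 0.5."""
    ones = sum(bin(byte).count("1") for byte in stream)
    return ones / (8 * len(stream))


# Constructed stand-in sources (none of these is RDRAND or Yarrow).
def stuck_source(n: int) -> bytes:
    """A broken generator that always emits the same byte."""
    return b"\x42" * n


def biased_source(n: int, seed: int = 1) -> bytes:
    """A poor generator: every bit is 0 except an occasional low bit."""
    rng = random.Random(seed)
    return bytes(rng.choice((0x00, 0x00, 0x00, 0x01)) for _ in range(n))


def good_source(n: int, seed: int = 7) -> bytes:
    """Stand-in for a trustworthy generator; seeded so the demo is repeatable."""
    return random.Random(seed).randbytes(n)


def dependent_source(observed_good: bytes, target: bytes) -> bytes:
    """A second input chosen AFTER seeing the good stream (constructed caveat).

    'Strong if either one is good' holds only when the two inputs are
    independent.  An input computed from the other stream cancels it and
    forces the combiner output to whatever `target` is.
    """
    return xor_combine(observed_good, target)


def demo(n: int = 4096) -> dict:
    """Bias of each source alone and after XOR with the good stand-in."""
    good = good_source(n)
    return {
        "stuck_alone": bit_bias(stuck_source(n)),
        "biased_alone": bit_bias(biased_source(n)),
        "stuck_xor_good": bit_bias(xor_combine(stuck_source(n), good)),
        "biased_xor_good": bit_bias(xor_combine(biased_source(n), good)),
        # independence violated: the combiner collapses to all-zero output
        "dependent_xor_good": bit_bias(
            xor_combine(dependent_source(good, bytes(n)), good)),
    }


if __name__ == "__main__":
    for name, bias in demo().items():
        print(f"{name:>20}: {bias:.3f}")
```

The two independent bad sources land near 0.5 once XORed with the good stream, which is the guarantee Kelsey describes; the dependent case shows why a combiner is only as good as the independence of its inputs, which is also the reason Borg's point about a backdoored source still having to leak state matters.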


