[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say
ianG
iang at iang.org
Sat Dec 14 01:49:12 EST 2013

On 13/12/13 21:24 PM, John Kelsey wrote:
> Why not just XOR RD_RAND outputs with Yarrow outputs?  That guarantees strong results if either one is good.
That would be to reinvent Yarrow?
If that were known as Linux's approach, and RDRAND were spiked, it would be a simple matter to spike the RDRAND in microcode again (a known/suspected capability).
Perhaps to unXOR the contents of the previous instruction and XOR in the secret stream...
iang
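As an added illustration of the point argued in this exchange (this is example code written for this page, not part of the original message, the FreeBSD code, or the Linux kernel), the Python model below compares an output-stage XOR combiner with a hash-based combiner. `HonestSource` and `AdaptiveSource` are hypothetical names: the adaptive one models the concern above, a hardware source that can observe the other combiner input and emit it XORed with an attacker-known stream, so the XOR output collapses to that stream. The XOR combiner's "strong if either input is good" property holds only while the two inputs are independent; the hash combiner is shown as the alternative that prevents algebraic cancellation, under the stated assumption that the hash code itself is not subverted.

```python
import hashlib

SEC_LEN = 32  # bytes per output block in this toy model


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class HonestSource:
    """Hypothetical hardware RNG that ignores everything else and returns its own bytes."""

    def __init__(self, stream: bytes):
        self.stream = stream

    def output(self, observed_other: bytes) -> bytes:
        return self.stream


class AdaptiveSource:
    """Hypothetical model of the concern in the thread: a source that can see the
    other combiner input and emits (other XOR secret_stream), so that an output-stage
    XOR collapses to secret_stream, which the attacker already knows."""

    def __init__(self, secret_stream: bytes):
        self.secret = secret_stream

    def output(self, observed_other: bytes) -> bytes:
        return xor_bytes(observed_other, self.secret)


def xor_combine(software_bytes: bytes, hw_source) -> bytes:
    """The proposal as modelled here: XOR software RNG (Yarrow) output with hardware output."""
    return xor_bytes(software_bytes, hw_source.output(software_bytes))


def hash_combine(software_bytes: bytes, hw_source) -> bytes:
    """Alternative: mix both inputs through a hash with domain separation.
    The adaptive source can still pick its own bytes, but it cannot cancel the
    software bytes algebraically, so knowing only secret_stream does not give
    the output (assumes the hash itself runs honestly)."""
    hw = hw_source.output(software_bytes)
    return hashlib.sha256(b"sw|" + software_bytes + b"|hw|" + hw).digest()


def attacker_predicts(combiner_output: bytes, known_secret: bytes) -> bool:
    """An attacker holding only the secret stream predicts the output iff it equals the stream."""
    return combiner_output == known_secret


if __name__ == "__main__":
    import os

    sw = os.urandom(SEC_LEN)
    secret = bytes(range(SEC_LEN))  # constructed, attacker-known stream
    print("xor, honest hw   :", attacker_predicts(xor_combine(sw, HonestSource(os.urandom(SEC_LEN))), secret))
    print("xor, adaptive hw :", attacker_predicts(xor_combine(sw, AdaptiveSource(secret)), secret))
    print("hash, adaptive hw:", attacker_predicts(hash_combine(sw, AdaptiveSource(secret)), secret))
```

Running the block prints `False`, `True`, `False`: the honest XOR case and the hash case are unpredictable to the holder of the secret stream, while the adaptive XOR case is fully predictable. The hash does not rescue a subverted CPU that can also rewrite the hash computation; its benefit is limited to removing the linear cancellation that XOR invites.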