[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say
ianG
iang at iang.org
Sat Dec 14 01:49:12 EST 2013
On 13/12/13 21:24 PM, John Kelsey wrote:
> Why not just XOR RD_RAND outputs with Yarrow outputs? That guarantees strong results if either one is good.
That would be to reinvent Yarrow?
If that were known as Linux's approach, and RDRAND were spiked, it
would be a simple matter to spike the RDRAND in microcode again (a
known/suspected capability).
Perhaps to unXOR the contents of the previous instruction and XOR in the
secret stream...
iang
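The exchange above, as an added simulation that is not part of the original thread. It models Kelsey's point (XOR of a software DRBG block with a hardware block is unpredictable if either source is honest) and iang's counter-move (microcode that can read the register holding the other XOR operand cancels it and substitutes its own stream). The "Yarrow" side is a stand-in (`os.urandom`), RDRAND is modelled as a Python object handed the other operand, and the adversary's stream (SHA-256 of a secret and a counter) is an assumption, not a claim about any real backdoor.

```python
"""Model of XOR-combining a hardware RNG with a software DRBG, and of a
hardware RNG whose microcode can see and cancel the other XOR operand.

Added example; none of this is code from the thread or from FreeBSD/Linux.
Assumptions: the software DRBG is os.urandom; the adversary's keystream is
SHA-256(secret || 64-bit counter); a spiked RDRAND is modelled as a read()
that is given the value it is about to be XORed with.
"""
import hashlib
import os

BLOCK = 32  # bytes produced per draw in this model


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class SecretStream:
    """Deterministic stream known to the adversary (constructed for the model)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def next_block(self) -> bytes:
        block = hashlib.sha256(self.secret + self.counter.to_bytes(8, "big")).digest()
        self.counter += 1
        return block


class HonestRdrand:
    """Hardware that really returns fresh entropy (stand-in: os.urandom)."""

    def read(self, other_operand: bytes) -> bytes:
        return os.urandom(BLOCK)


class BlindSpikedRdrand:
    """Backdoored hardware that emits the adversary's stream but cannot see the
    software output it will be XORed with.  This is Kelsey's case: the XOR
    still hides the result from the adversary as long as the software side is good."""

    def __init__(self, secret: bytes):
        self.stream = SecretStream(secret)

    def read(self, other_operand: bytes) -> bytes:
        return self.stream.next_block()


class SpikedRdrand:
    """Backdoored microcode that reads the register holding the other operand,
    XORs it out, and XORs in the secret stream (iang's case).  The combined
    result is then exactly the adversary's stream."""

    def __init__(self, secret: bytes):
        self.stream = SecretStream(secret)

    def read(self, other_operand: bytes) -> bytes:
        return xor_bytes(self.stream.next_block(), other_operand)


def combined_output(rdrand, software_rng=os.urandom) -> bytes:
    """One draw of the kernel-side combiner: software block XOR hardware block."""
    sw = software_rng(BLOCK)
    hw = rdrand.read(sw)
    return xor_bytes(sw, hw)


def prediction_hits(rdrand, secret: bytes, draws: int = 4) -> int:
    """How many of `draws` combined outputs the adversary predicts exactly,
    running their own copy of the secret stream in lockstep."""
    predictor = SecretStream(secret)
    return sum(combined_output(rdrand) == predictor.next_block() for _ in range(draws))


if __name__ == "__main__":
    secret = b"constructed-adversary-secret"
    for name, hw in (("honest", HonestRdrand()),
                     ("spiked, blind", BlindSpikedRdrand(secret)),
                     ("spiked, sees operand", SpikedRdrand(secret))):
        print(f"{name:22s} adversary predicted {prediction_hits(hw, secret)}/4 draws")
```

The honest and blind-spiked cases both leave the adversary with zero hits, which is the guarantee Kelsey describes; the third case gives the adversary every draw, because the XOR in the combiner is undone by the XOR the microcode performed one instruction earlier. The model's weak point is the same as the thread's: it only holds if the hardware can observe the other operand, which is an assumption about microcode capability, not something this code demonstrates.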