[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say

ianG iang at iang.org
Sat Dec 14 01:49:12 EST 2013


On 13/12/13 21:24 PM, John Kelsey wrote:
> Why not just XOR RD_RAND outputs with Yarrow outputs?  That guarantees strong results if either one is good.


That would be to reinvent Yarrow?

If that were known as Linux's approach, and RDRAND were spiked, it 
would be a simple matter to spike the RDRAND in microcode again (a 
known/suspected capability).

Perhaps to unXOR the contents of the previous instruction and XOR in the 
secret stream...

iang
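The exchange above, as an added example that is not part of the original thread: Kelsey's claim is that XORing one source's output with an independent second source's output is at least as strong as the better of the two, because XOR with a uniform, independent stream acts as a one-time pad over the other stream. The simulation below uses a deliberately biased "hardware" stream and an independent uniform "software pool" stream; both are constructed here with seeded PRNGs (the names `biased_source`, `uniform_source`, `xor_mix` and the bias level are assumptions for illustration, not anything from the thread). It also shows the caveat iang raises: the guarantee only holds while the two inputs are independent, and a second input that is a function of the first cancels rather than strengthens.

```python
"""Added example (not from the thread): mixing two RNG outputs with XOR.

Constructed stand-ins for the two sources are built from seeded PRNGs so
the run is reproducible offline. Function names and the bias level are
assumptions for illustration only.
"""
import random


def biased_source(rng, n, p_one=0.9):
    """Constructed stand-in for a weak or untrusted RNG.

    Each bit is 1 with probability p_one, so the stream is far from uniform.
    """
    return bytes(
        sum((1 if rng.random() < p_one else 0) << i for i in range(8))
        for _ in range(n)
    )


def uniform_source(rng, n):
    """Constructed stand-in for an independent, healthy software pool."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def xor_mix(a, b):
    """Combine two equal-length byte strings bit-for-bit with XOR."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def ones_fraction(data):
    """Fraction of 1-bits in data: 0.5 for an unbiased stream."""
    total_bits = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return ones / total_bits


def demo(n=20000, seed=1):
    """Return (bias of hw, bias of sw, bias of hw XOR sw, bias of sw XOR sw).

    The first three show that XOR with an independent uniform stream
    removes the bias of the weak stream. The last shows the dependence
    caveat: a second input equal to the first cancels to all zeros.
    """
    hw = biased_source(random.Random(seed), n)
    sw = uniform_source(random.Random(seed + 1), n)
    mixed = xor_mix(hw, sw)
    cancelled = xor_mix(sw, sw)   # dependent inputs: XOR yields 0x00 everywhere
    return (ones_fraction(hw), ones_fraction(sw),
            ones_fraction(mixed), ones_fraction(cancelled))


if __name__ == "__main__":
    hw_b, sw_b, mix_b, dep_b = demo()
    print(f"hardware stream bias: {hw_b:.3f}")
    print(f"software pool bias:   {sw_b:.3f}")
    print(f"XOR of the two:       {mix_b:.3f}")
    print(f"XOR with dependent:   {dep_b:.3f}")
```

The run shows the biased stream near 0.9, the pool and the XOR of the two near 0.5, and the dependent case at exactly 0.0. That last line is the design point behind the caveat: raw XOR is only a sound combiner when an adversary cannot make one input a function of the other, which is why hashing all inputs into a pool is the more conservative way to combine a hardware source with a software one.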