[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say

Nemo nemo at self-evident.org
Sun Dec 15 11:16:20 EST 2013


John Kelsey <crypto.jmk at gmail.com> writes:

> Why not just XOR RD_RAND outputs with Yarrow outputs?

Linux /dev/urandom already XORs against RDRAND, but using its own
homegrown hand-waving entropy collector instead of Yarrow.

> That guarantees strong results if either one is good.

"Guarantees" is perhaps too strong a word should Intel turn out to be an
adversary.

http://blog.lvh.io/blog/2013/10/19/thoughts-on-rdrand-in-linux/

http://pastebin.com/A07q3nL3

 - Nemo
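A small model of the caveat in Nemo's reply, added here as an illustration rather than code from the thread or from either linked article. It assumes the worst case that the quote's "guarantee" has to survive: a hardware RNG that can see the operand it is about to be XORed with (modelled by passing that operand into the hypothetical `make_backdoored_rdrand` function). Under that assumption XOR-combining hands the hardware complete control of the output, while hashing both inputs together with SHA-256 does not let it force a chosen value; the names, the constructed `ATTACKER_K` constant and the simplified "pool" standing in for Yarrow output are all this example's own.

```python
import hashlib
import secrets

BLOCK = 8  # bytes per RNG output in this toy model

# Constructed for the example: a value the backdoor's owner knows in advance.
ATTACKER_K = bytes.fromhex("deadbeefcafef00d")


def honest_rdrand(other_operand: bytes) -> bytes:
    """Honest hardware: ignores what it will be mixed with, returns fresh randomness."""
    return secrets.token_bytes(len(other_operand))


def make_backdoored_rdrand(k: bytes):
    """Hypothetical backdoor: the hardware peeks at the value it is about to be
    XORed with and returns other ^ k, so that other ^ (other ^ k) == k."""

    def rdrand(other_operand: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(other_operand, k))

    return rdrand


def xor_combine(pool_out: bytes, rdrand) -> bytes:
    """The construction from the quoted suggestion: software RNG output XOR hardware output."""
    hw = rdrand(pool_out)
    return bytes(a ^ b for a, b in zip(pool_out, hw))


def hash_combine(pool_out: bytes, rdrand) -> bytes:
    """Alternative: feed both outputs through a hash. A cheating RNG that sees the
    pool can still search for outputs it likes, but it cannot force a preset value
    without a SHA-256 preimage."""
    hw = rdrand(pool_out)
    return hashlib.sha256(pool_out + hw).digest()[:len(pool_out)]


def fully_predictable(combine, rdrand, trials: int = 32) -> bool:
    """True if the combined output is the same regardless of the software RNG's
    output, i.e. someone who knows the backdoor constant knows every result."""
    outs = {combine(secrets.token_bytes(BLOCK), rdrand) for _ in range(trials)}
    return len(outs) == 1


if __name__ == "__main__":
    bad = make_backdoored_rdrand(ATTACKER_K)
    print("xor  + backdoor, predictable:", fully_predictable(xor_combine, bad))
    print("xor  + honest,   predictable:", fully_predictable(xor_combine, honest_rdrand))
    print("hash + backdoor, predictable:", fully_predictable(hash_combine, bad))
```

The point of the model is narrow: XOR is a perfect combiner only when the two inputs are independent, and a CPU instruction is in a position to break that independence. Whether real silicon does anything of the sort is exactly what the thread cannot settle; the example only shows why "either one is good" is not a sufficient condition for the XOR construction.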

