[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

Sandy Harris sandyinchina at gmail.com
Mon Oct 21 18:50:54 EDT 2013


Philipp Gühring <pg at futureware.at> wrote:

> Why aren't more crypto projects using HAVEGE? ....

There are at least half a dozen programs around that some
claim might replace random(4) or be used as an extra
source of entropy for it. I have written one, and the PDF
file on its page discusses several others, including
Havege,
ftp://ftp.cs.sjtu.edu.cn:990/sandy/maxwell/

If it is avoidable, I would not want to trust any of
those (or anything else, really) as a sole source
of entropy, even though as far as I can tell Turbid
is close to ideal and the others seem plausible.

As I see it, the only way to be confident in the
face of risks like the NSA fiddling with RdRand
or Turbid being messed up by a hardware
failure or virtualisation is to use multiple
sources and have something pretty much
like the random device to cache, buffer and
mix those inputs.
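As an added illustration of the "multiple sources, mixed through something like the random device" approach the post argues for: this is example code written for this page, not Sandy's maxwell, Turbid, HAVEGE or the Linux random device. The pool design (SHA-256 state, HMAC extraction, ratchet) and the three source names and samples are constructed for the demonstration. It shows the two properties that matter: one honest source is enough for the output to change, and if every source is stuck or controlled the output is fully predictable.

```python
import hashlib
import hmac


class EntropyPool:
    """Minimal hash-based mixing pool (assumed design, not a real kernel RNG).

    Every source's sample is folded into a running SHA-256 state; output is
    derived through HMAC keyed by the state so the state itself is never
    handed out, and the state is ratcheted after each extraction.
    """

    def __init__(self, personalization: bytes = b"mixing-pool-example") -> None:
        self.state = hashlib.sha256(personalization).digest()
        self.counter = 0

    def mix(self, source_name: str, sample: bytes) -> None:
        # Domain-separate by source name and sample length so a stuck or
        # attacker-controlled source cannot impersonate another source's bytes.
        h = hashlib.sha256()
        h.update(self.state)
        h.update(source_name.encode("utf-8"))
        h.update(len(sample).to_bytes(4, "big"))
        h.update(sample)
        self.state = h.digest()

    def extract(self, nbytes: int = 32) -> bytes:
        out = b""
        while len(out) < nbytes:
            self.counter += 1
            out += hmac.new(self.state, self.counter.to_bytes(8, "big"),
                            hashlib.sha256).digest()
        # Ratchet forward: a later state compromise cannot recover this output.
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return out[:nbytes]


def run_pool(good_sample: bytes,
             stuck_sample: bytes = b"\x00" * 32,
             controlled_sample: bytes = b"\x41" * 32) -> bytes:
    """Feed three constructed sources into a fresh pool and extract 32 bytes.

    'turbid' models a hardware source that has failed and is stuck at zeros,
    'rdrand' models a source whose output an adversary chooses, and 'havege'
    is the one source that still behaves.  All samples are constructed.
    """
    pool = EntropyPool()
    pool.mix("turbid", stuck_sample)
    pool.mix("rdrand", controlled_sample)
    pool.mix("havege", good_sample)
    return pool.extract(32)


def single_good_source_suffices() -> bool:
    """Two runs that differ only in the honest source give different output."""
    a = run_pool(good_sample=b"\x01" * 32)
    b = run_pool(good_sample=b"\x02" * 32)
    return a != b and len(a) == 32 and len(b) == 32


def all_sources_stuck_is_deterministic() -> bool:
    """If no source contributes fresh entropy, the output is fully predictable:
    this is the single-source failure the post warns against."""
    a = run_pool(good_sample=b"\x00" * 32)
    b = run_pool(good_sample=b"\x00" * 32)
    return a == b


if __name__ == "__main__":
    print("one honest source enough:", single_good_source_suffices())
    print("all stuck -> predictable :", all_sources_stuck_is_deterministic())
```

The check a practitioner wants from such a pool is exactly the second function: a mixer cannot manufacture entropy, it can only preserve whatever the best input carried, so monitoring each source for stuck or repeated output still matters even with mixing in place.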

