[Cryptography] RNG exploits are stealthy

John Kelsey crypto.jmk at gmail.com
Fri Feb 21 00:58:52 EST 2014

> On Feb 15, 2014, at 3:35 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Philipp =?iso-8859-1?Q?G=FChring?= <pg at futureware.at> writes:
>> So in the name of battery saving, some people actually developed interrupt
>> rigidizing beasts:
> This may be news for Android devices, but interrupt (and timer) coalescing has
> been done for several decades in general-purpose computers, originally because
> CPUs weren't powerful enough to handle a high interrupt load, and then more
> recently for power-saving purposes.  For example Windows has had timer and
> interrupt coalescing for some years now, see e.g

This general phenomenon seems to me to be the strongest argument against using general purpose stuff that's lying around in your computer as an entropy source.  You can do this, analyze it, and get a secure system today, and over time, things can change that will be pretty much invisible to your software, but that will completely destroy your security.  


More information about the cryptography mailing list