[Cryptography] Entropy Attacks!

John Kelsey crypto.jmk at gmail.com
Fri Feb 21 01:18:22 EST 2014

One other aside: 

If you were worried about the Intel RNG trying to carry out this attack, you could *start* by collecting 256 bits from RDRAND, and then collect entropy from the other sources until you are ready to seed your RNG.  If those other sources actually have any entropy, then the Intel RNG can't predict them, and so can't do anything with them.  

This is probably pointless paranoia, since if the CPU you're running on is evil, it's probably impossible to get much security.  But assuming the Intel RNG is good, seeding your system RNG in this way would work just fine.  
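The seeding order described above, as an added Python model that is not part of the post: a toy "adaptive" RDRAND that can see the pool state it is about to be mixed into is run in both orders, and only when it goes last can it steer the final seed. The hash-chain pool, the fixed stand-ins for the other sources and the adversary's goal (forcing the first seed byte to zero) are all constructions for illustration.

```python
import hashlib
from typing import Callable, List, Tuple

def mix(pool: bytes, chunk: bytes) -> bytes:
    """Absorb one chunk into the pool by hash chaining (toy stand-in for a real seeding mix)."""
    return hashlib.sha256(pool + chunk).digest()

def seed_pool(rdrand_first: bool, rdrand: Callable[[bytes], bytes],
              other_sources: List[bytes]) -> bytes:
    """Seed a pool from RDRAND plus other sources, in one of two orders.

    rdrand() is handed the pool state it is about to be mixed into, modelling a
    CPU RNG that can see (or infer) everything the pool already holds.
    """
    pool = b""
    if rdrand_first:
        pool = mix(pool, rdrand(pool))      # RDRAND commits before anything else is read
        for src in other_sources:
            pool = mix(pool, src)
    else:
        for src in other_sources:
            pool = mix(pool, src)
        pool = mix(pool, rdrand(pool))      # RDRAND goes last, with the other entropy in view
    return pool

class AdaptiveRdrand:
    """Toy 'evil' RDRAND: searches for a 32-byte output that forces the first byte of
    the resulting pool state to 0x00, i.e. it tries to throw away 8 bits of the seed."""
    def __init__(self, max_tries: int = 1 << 16):
        self.max_tries = max_tries
        self.views: List[bytes] = []    # pool states it was allowed to see

    def __call__(self, pool: bytes) -> bytes:
        self.views.append(pool)
        cand = b""
        for i in range(self.max_tries):
            cand = i.to_bytes(32, "big")
            if mix(pool, cand)[0] == 0:
                return cand
        return cand   # gave up after max_tries (vanishingly unlikely at 2^16 tries)

# Constructed, fixed stand-ins for the other entropy sources so the run is repeatable.
OTHER_SOURCES = [b"interrupt-timings:" + bytes(range(16)),
                 b"disk-latency:" + bytes(range(16, 32))]

def run(rdrand_first: bool) -> Tuple[bytes, AdaptiveRdrand]:
    """Seed once with the adaptive RDRAND and return (seed, adversary) for inspection."""
    adv = AdaptiveRdrand()
    return seed_pool(rdrand_first, adv, OTHER_SOURCES), adv
```

With RDRAND last, the adversary sees the whole pool and succeeds in forcing the first seed byte; with RDRAND first, it sees an empty pool, and whatever it chooses is overwritten by entropy it never observed.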

