[Cryptography] A TRNG review per day: RDRAND and the right TRNG architecture
Stephan Mueller
smueller at chronox.de
Sun Oct 26 23:47:42 EDT 2014
On Friday, 24 October 2014, 05:31:51, Bill Cox wrote:
Hi Bill,
> The "right TRNG architecture" looks like this:
>
> auditable cheap low speed TRNG -> auditable high speed CPRNG -> happy
> user
>
> Respectable TRNGs like the new Cryptech Tech TRNG are switching to this
> architecture. If you use *any* secure TRNG to feed /dev/random, regardless
> of its speed, and then read your cryptographic key data from /dev/urandom,
> then you are already using this model.
>
> However, I happen to be something of a speed freak. Intel's RDRAND
> instruction is appealing to me. The architecture is the fastest TRNG I
> have seen. So, why not use it? Here's why:
>
> - It is probably backdoored
Another one: it is designed to cause a VM exit trap. I have a 10-line patch
against KVM demonstrating this "nice" feature.
--
Ciao
Stephan
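The "auditable cheap low speed TRNG -> auditable high speed CPRNG" architecture quoted above, as an added example that is not part of this thread, of the Linux kernel, or of any project mentioned. The fast side is an SP 800-90A HMAC_DRBG over SHA-256 (no personalization string or additional input); the slow side is whatever `read_fn` you plug in, defaulting here to `os.urandom` as a stand-in for a real hardware source. The class names `AuditedEntropySource`, `HmacDrbg` and the helper `run_with_fixed_seed` are my own. The point the code makes is that the TRNG, RDRAND included, only ever touches the system as seed material for `HmacDrbg`, and every block it supplies is logged, so it can be inspected or tested independently of the high-speed output stream.

```python
import hashlib
import hmac
import os
from typing import Callable, List


class AuditedEntropySource:
    """Wraps a (slow) true-random source.  Every block handed to the DRBG
    is recorded, so an auditor can examine exactly what seeded the fast
    output; nothing downstream sees the hardware source directly.
    In a real deployment read_fn would be the hardware TRNG (assumption:
    e.g. a thin RDRAND or /dev/hwrng reader), here it is os.urandom."""

    def __init__(self, read_fn: Callable[[int], bytes] = os.urandom):
        self._read = read_fn
        self.audit_log: List[bytes] = []

    def read(self, n: int) -> bytes:
        block = self._read(n)
        if len(block) != n:  # a stalled or broken source must fail loudly, not be masked
            raise RuntimeError("entropy source returned %d of %d bytes" % (len(block), n))
        self.audit_log.append(block)
        return block


class HmacDrbg:
    """SP 800-90A HMAC_DRBG (SHA-256).  Seeded once from the slow source,
    reseeded from it every reseed_interval generate() calls; between
    reseeds it is a purely deterministic expansion of the logged seed."""

    SEEDLEN = 32           # 256-bit security strength -> 32 entropy bytes per (re)seed
    MAX_REQUEST = 1 << 16  # max bytes per generate() call, per the standard

    def __init__(self, source: AuditedEntropySource, reseed_interval: int = 1 << 10):
        self.source = source
        self.reseed_interval = reseed_interval
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(self.source.read(self.SEEDLEN))  # Instantiate
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        # HMAC_DRBG_Update: mixes provided data (if any) into K and V.
        self.K = self._hmac(self.V + b"\x00" + provided)
        self.V = self._hmac(self.V)
        if provided:
            self.K = self._hmac(self.V + b"\x01" + provided)
            self.V = self._hmac(self.V)

    def reseed(self) -> None:
        self._update(self.source.read(self.SEEDLEN))
        self.reseed_counter = 1

    def generate(self, n: int) -> bytes:
        if n > self.MAX_REQUEST:
            raise ValueError("request exceeds MAX_REQUEST")
        if self.reseed_counter > self.reseed_interval:
            self.reseed()  # pull fresh slow entropy only when the interval is exhausted
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.V)
            out += self.V
        self._update()  # backtracking resistance: old K/V cannot be recovered from output
        self.reseed_counter += 1
        return out[:n]


def run_with_fixed_seed(seed_byte: int, calls: int, reseed_interval: int):
    """Drive the pipeline with a constant (hypothetical, constructed) entropy
    source so the behaviour is reproducible.  Returns the outputs and the
    number of seed blocks the slow source was asked for."""
    src = AuditedEntropySource(lambda n: bytes([seed_byte]) * n)
    drbg = HmacDrbg(src, reseed_interval)
    outputs = [drbg.generate(32) for _ in range(calls)]
    return outputs, len(src.audit_log)


if __name__ == "__main__":
    live = HmacDrbg(AuditedEntropySource())          # os.urandom as the slow source
    print("key:", live.generate(32).hex())
    print("seed blocks pulled so far:", len(live.source.audit_log))
```

With a constant seed source the DRBG output is fully reproducible, which is exactly what makes the design testable: swap in the real hardware source, keep the audit log, and any doubt about the source is a question about those logged 32-byte blocks, not about the megabytes of keystream derived from them.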