[Cryptography] A TRNG review per day: RDRAND and the right TRNG architecture

Stephan Mueller smueller at chronox.de
Sun Oct 26 23:47:42 EDT 2014


Am Freitag, 24. Oktober 2014, 05:31:51 schrieb Bill Cox:

Hi Bill,

> The "right TRNG architecture" looks like this:
> 
>     auditable cheap low speed TRNG -> auditable high speed CPRNG -> happy
> user
> 
> Respectable TRNGs like the new Cryptech Tech TRNG are switching to this
> architecture.  If you use *any* secure TRNG to feed /dev/random, regardless
> of it's speed, and then read your cryptographic key data from /dev/urandom,
> then you are already using this model.
> 
> However, I happen to be something of a speed freak.  Intel's RDRAND
> instruction is appealing to me.  The architecture is the fastest TRNG I
> have seen.  So, why not use it?  Here's why:
> 
> - It is probably back doored

Another one: it is designed to cause a VM exit trap. I have a 10-line patch 
against KVM demonstrating this "nice" feature.

-- 
Ciao
Stephan


More information about the cryptography mailing list