[Cryptography] Use of RDRAND in Haskell's TLS RNG?

Henry Baker hbaker1 at pipeline.com
Wed Nov 23 17:14:59 EST 2016

At 02:23 AM 11/23/2016, Darren Moffat wrote:
>What is a "proper audit" and why do you think that Intel hasn't done that already ?  What more find they (or any chip designer/builder) do to convince you?

My guess is that Intel's HW RNG is basically ok, but that their chips have mechanisms to squirrel away (and later disgorge) secrets of various sorts -- e.g., inputs to built-in hash instructions.  There might be a HW "reset" capability -- analogous to a password reset function -- that might be used under certain circumstances to reset RDRAND.  Good luck finding it amidst billions and billions of transistors, tho.

More information about the cryptography mailing list