[Cryptography] Use of RDRAND in Haskell's TLS RNG?

Ray Dillinger bear at sonic.net
Wed Nov 23 21:55:01 EST 2016



On 11/23/2016 06:31 PM, Peter Gutmann wrote:
> Ray Dillinger <bear at sonic.net> writes:
> 
>> A proper audit is one that's sufficient for anybody with a copy of the audit
>> to notice if there's a mistake in the claimed implementation.
> 
> That's for general fiduciary-style audits.  Remember that we're dealing with
> crypto paranoia here, for which "a proper audit" is "an audit that's far more
> comprehensive than what was applied in audit level X", for any value of X up
> to infinity.

Exactly.  And that's why "the claimed implementation".  Verifying that
the claimed and actual implementations match is a whole different level
of difficulty, but fortunately unnecessary if we run the bits through a
good mixer with a bunch of other bits.

Fully trusted sources of completely unpredictable bits don't exist.  I
wouldn't trust one without mixing even if I built it myself, because I
can make mistakes and besides there are attacks nobody knows about yet.

			Bear
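The mixing argument above, as an added example that is not part of the thread: a hash-based entropy mixer in Python (the sources and the stuck hardware RNG are constructed stand-ins, not the Haskell TLS code under discussion), alongside a naive XOR mixer to show why "good mixer" matters when the untrusted source can see the other input first; that contrast goes one step beyond the post.

```python
import hashlib
import os

def mix_entropy(sources):
    """Hash several entropy sources into one 32-byte seed.

    Each input is length-prefixed so that source boundaries are unambiguous
    (b"ab" + b"c" must not collide with b"a" + b"bc").  SHA-256 is the
    "good mixer": if at least one input is unpredictable, the digest is,
    even when every other input is faulty or attacker-controlled.
    """
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(4, "big"))
        h.update(bytes(src))
    return h.digest()

def xor_mix(a, b):
    """Naive mixer, for contrast: plain XOR of two equal-length sources."""
    return bytes(x ^ y for x, y in zip(a, b))

def attacker_forces_output(mixer, target, known_other):
    """An adversary who has already seen `known_other` chooses its own
    contribution to cancel it out.  Returns True if the mixer then emits
    exactly `target`, i.e. the adversary controls the seed."""
    crafted = xor_mix(target, known_other)
    return mixer(crafted, known_other) == target

def demonstrate():
    """Run the two checks a reviewer of a mixer would want to see."""
    other = os.urandom(32)           # independent source, e.g. the OS pool
    rigged = bytes(32)               # constructed: hardware RNG stuck at zero
    results = {}
    # 1. A stuck hardware source does not make the seed repeat: the other
    #    source still varies it.
    seeds = {mix_entropy([rigged, os.urandom(32)]) for _ in range(16)}
    results["stuck_source_harmless"] = len(seeds) == 16
    # 2. XOR lets an adversary who sees the other source pick the seed;
    #    the hash mixer does not.
    target = bytes([0x41]) * 32
    results["xor_forced"] = attacker_forces_output(xor_mix, target, other)
    results["hash_forced"] = attacker_forces_output(
        lambda a, b: mix_entropy([a, b]), target, other)
    return results

if __name__ == "__main__":
    print(demonstrate())
```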
				


