[Cryptography] Use of RDRAND in Haskell's TLS RNG?

Ray Dillinger bear at sonic.net
Wed Nov 23 21:55:01 EST 2016

On 11/23/2016 06:31 PM, Peter Gutmann wrote:
> Ray Dillinger <bear at sonic.net> writes:
>> A proper audit is one that's sufficient for anybody with a copy of the audit
>> to notice if there's a mistake in the claimed implementation.
> That's for general fiduciary-style audits.  Remember that we're dealing with
> crypto paranoia here, for which "a proper audit" is "an audit that's far more
> comprehensive than what was applied in audit level X", for any value of X up
> to infinity.

Exactly.  And that's why "the claimed implementation".  Verifying that
the claimed and actual implementations match is a whole different level
of difficulty, but fortunately unnecessary if we run the bits through a
good mixer with a bunch of other bits.

Fully trusted sources of completely unpredictable bits don't exist.  I
wouldn't trust one without mixing even if I built it myself, because I
can make mistakes and besides there are attacks nobody knows about yet.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161123/833e0440/attachment.sig>

More information about the cryptography mailing list