[Cryptography] Use of RDRAND in Haskell's TLS RNG?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Nov 23 21:31:06 EST 2016

Ray Dillinger <bear at sonic.net> writes:

>A proper audit is one that's sufficient for anybody with a copy of the audit
>to notice if there's a mistake in the claimed implementation.

That's for general fiduciary-style audits.  Remember that we're dealing with
crypto paranoia here, for which "a proper audit" is "an audit that's far more
comprehensive than what was applied in audit level X", for any value of X up
to infinity.

In other words no matter how much it's audited and by whom, there will always
be people for whom it's not enough.


