[Cryptography] Use of RDRAND in Haskell's TLS RNG?

Ron Garret ron at flownet.com
Sun Nov 27 01:07:03 EST 2016

On Nov 26, 2016, at 8:38 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Ron Garret <ron at flownet.com> writes:
>> It should not matter so much that an audit has been done (though that matters
>> too, of course) as that it *can* be done
> Right, because Many Eyes Make Bugs Shallow, which is why there's never been
> any vulns discovered in open-source software, lots of people have gone through
> and audited it and found all the bugs.

No, that is neither what I said, nor what I meant.

>> The only way to protect against this is to insist that the system be
>> architected in such a way that anyone could audit it if they wanted to.
> See above.  You've basically got the choice between "the code never gets
> audited" (the Bystander Effect at Internet scale, I don't need to look at it
> because someone else is bound to have already done so) or "the code gets
> audited by someone paid or otherwise incentivised to do it", which means
> you're taking someone else's word that it's OK.

Yes, that’s right.  But what matters is that I rather than the vendor have the ability to choose who does the audit.  That is the only way to protect against a compromised vendor.  And, as I pointed out before, if you don’t have vendor compromise as part of your threat model, there’s no reason for you to care about an audit in the first place.


More information about the cryptography mailing list