[Cryptography] Use of RDRAND in Haskell's TLS RNG?

Ron Garret ron at flownet.com
Sun Nov 27 01:07:03 EST 2016


On Nov 26, 2016, at 8:38 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Ron Garret <ron at flownet.com> writes:
> 
>> It should not matter so much that an audit has been done (though that matters
>> too, of course) as that it *can* be done
> 
> Right, because Many Eyes Make Bugs Shallow, which is why there's never been
> any vulns discovered in open-source software, lots of people have gone through
> and audited it and found all the bugs.

No, that is neither what I said, nor what I meant.

>> The only way to protect against this is to insist that the system be
>> architected in such a way that anyone could audit it if they wanted to.
> 
> See above.  You've basically got the choice between "the code never gets
> audited" (the Bystander Effect at Internet scale, I don't need to look at it
> because someone else is bound to have already done so) or "the code gets
> audited by someone paid or otherwise incentivised to do it", which means
> you're taking someone else's word that it's OK.

Yes, that’s right.  But what matters is that I, rather than the vendor, have the ability to choose who does the audit.  That is the only way to protect against a compromised vendor.  And, as I pointed out before, if you don’t have vendor compromise as part of your threat model, there’s no reason for you to care about an audit in the first place.

rg
