[Cryptography] Use of RDRAND in Haskell's TLS RNG?

Ray Dillinger bear at sonic.net
Sun Nov 27 14:09:06 EST 2016



On 11/26/2016 04:06 AM, Watson Ladd wrote:

> Have you looked at the RDRAND circuit and the on-chip power
> distribution network? Your claimed "simple power droop attack" depends
> on the output impedance of the power supply and the variance in the
> current consumption caused by your instructions. Both are potentially
> knowable: did you do the work to know them?

Did Intel make it possible for us to do that?

Did Intel make it possible for us to tell whether the power droop attack
is doing anything?

> Does /dev/random actually mix the entropy correctly? Does /dev/random
> protect against malicious sources? Actual history indicates neither of
> these assumptions are true.

And what do you suppose actual history would show if RDRAND were as open
to review and audit as the source code for /dev/random?  You can't claim
that something we can't see and audit is superior to something we can
and have.  That's comparing a known with an unknown, and the result of
that comparison is NaB.

				Bear
