[Cryptography] randomness for libraries, e.g. OpenSSL

Ray Dillinger bear at sonic.net
Tue Nov 29 22:15:53 EST 2016



On 11/28/2016 01:37 PM, Jerry Leichter wrote:
>>
>>> As a corollary:  We need to inveigle the OS providers and
>>> hardware providers to solve the problem.
>> That.  Rather than spending energy on solving the problem in code, which is a really hard objective because of many factors, some of which are listed below, put the energy into Inveiglement....
> Ahem.  Intel went and provided the hardware.  And if you read the messages here ... you shouldn't trust it.  

Well.  My advice was to trust it about five bits, on the assumption that
Intel was both allowed and motivated to act in good faith, and didn't
get sabotaged when it tried to do so.

But it's still valuable because the RATE at which it produces
apparently-random bits is a worthy contribution.  If you trust other
sources enough to make even *one* good key (i.e., one with greater
security than anything you're going to produce based on the derived
stream) you can encrypt RDRAND output at high speed for days.

Even if Intel didn't act in good faith or just plain got sabotaged,
inside knowledge of exactly how will do nothing for an attacker trying
to predict or recognize an encrypted stream.

				Bear
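The construction Bear describes, as an added example that is not part of the original post: a cipher keyed once from sources the user trusts encrypts the fast, untrusted hardware stream, so an attacker who knows the raw stream completely still cannot predict the output. Assumptions: only the Python standard library is used, so HMAC-SHA256 in counter mode stands in for AES-CTR as the keyed PRF, the raw source is simulated by a callable, and the trusted key is supplied by the caller.

```python
import hashlib
import hmac
import os


def prf_block(key: bytes, counter: int) -> bytes:
    """One 32-byte keystream block: HMAC-SHA256(key, counter).
    Stands in for an AES-CTR block (assumption: stdlib only)."""
    return hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()


class WhitenedRng:
    """Encrypt an untrusted high-rate stream (RDRAND in the post) under a
    trusted key: output = PRF keystream XOR raw bytes.  With an unknown
    key the output is at least as unpredictable as the keystream alone,
    whatever the raw source does."""

    def __init__(self, trusted_key: bytes, raw_source):
        if len(trusted_key) < 32:
            raise ValueError("trusted key must carry at least 256 bits")
        self.key = trusted_key
        self.raw = raw_source   # callable(n) -> n bytes of untrusted input
        # The counter must never repeat under one key: two outputs sharing
        # a block would XOR to the XOR of the raw inputs, and an attacker
        # who knows those raw inputs could recover the keystream.
        self.counter = 0

    def read(self, n: int) -> bytes:
        raw = self.raw(n)
        if len(raw) != n:
            raise RuntimeError("raw source short read")
        keystream = bytearray()
        while len(keystream) < n:
            keystream += prf_block(self.key, self.counter)
            self.counter += 1
        return bytes(k ^ r for k, r in zip(keystream, raw))


def attacker_controlled_source(n: int) -> bytes:
    """Worst case for the demo (constructed): the 'hardware' stream is
    fully predictable.  The whitened output still depends on the key."""
    return bytes(n)


if __name__ == "__main__":
    key = os.urandom(32)   # in practice: derived from sources you trust
    rng = WhitenedRng(key, attacker_controlled_source)
    print(rng.read(16).hex())
```

Rotating the key (reseeding from the trusted sources) resets the counter safely; reusing a counter value under the same key does not.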
