[liberationtech] Heml.is - "The Beautiful & Secure Messenger"
Matt Mackall
mpm at selenic.com
Thu Jul 11 15:34:48 PDT 2013
On Thu, 2013-07-11 at 13:47 -0700, Andy Isaacson wrote:
> > Linux now also uses a closed RdRand [2] RNG if available.
>
> There was a bunch of churn when this code went in, so I could be wrong,
> but I believe that RdRand is only used to stir the same entropy pool as
> all of the other inputs which are used to generate random data for
> /dev/random et al. It's hard to leverage control of one input to a
> random pool into anything useful.
It's worth noting that the maintainer of record (me) for the Linux RNG
quit the project about two years ago precisely because Linus decided to
include a patch from Intel to allow their unauditable RdRand to bypass
the entropy pool over my strenuous objections.
From a quick skim of current sources, much of that has recently been
rolled back (/dev/random, notably) but kernel-internal entropy users
like sequence numbers and address-space randomization appear to still be
exposed to raw RdRand output.
(And in the meantime, my distrust of Intel's crypto has moved from
"standard professional paranoia" to "actual legitimate concern".)
--
Mathematics is the supreme nostalgia of our time.
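To make the design difference the thread argues about concrete, here is an added model (not code from the thread, the kernel, or either author) contrasting a hardware RNG word that is stirred into a pool with one handed straight to consumers. SHA-256 chaining stands in for the kernel's actual mixing function, and `secrets` stands in for the other pool inputs an adversary does not control; both are assumptions of this toy, not the real implementation.

```python
import hashlib
import secrets


def mix_into_pool(pool: bytes, source: bytes) -> bytes:
    """Fold one entropy source into the pool state.
    Hash chaining is a stand-in for the kernel's mixing function."""
    return hashlib.sha256(pool + source).digest()


def extract_mixed(pool: bytes, hw_word: bytes) -> tuple[bytes, bytes]:
    """Design A (what the quoted reply describes): the hardware word is just
    one more input; output is derived from the whole pool state."""
    pool = mix_into_pool(pool, hw_word)
    out = hashlib.sha256(b"extract" + pool).digest()[:8]
    return out, mix_into_pool(pool, out)  # fold output back so the pool advances


def extract_bypass(pool: bytes, hw_word: bytes) -> tuple[bytes, bytes]:
    """Design B (what the reply objects to): the hardware word goes to the
    consumer directly and the pool is not involved at all."""
    return hw_word, pool


def attacker_controls_output(extract, chosen_word: bytes, trials: int = 32) -> bool:
    """Model an adversary who fully controls the hardware source but none of
    the other pool inputs. Returns True if every extraction yields exactly the
    word the adversary chose, i.e. the output is attacker-determined."""
    for _ in range(trials):
        secret_pool = secrets.token_bytes(32)  # constructed: inputs unknown to the adversary
        out, _ = extract(secret_pool, chosen_word)
        if out != chosen_word:
            return False
    return True


if __name__ == "__main__":
    word = b"\x00" * 8  # adversary's chosen hardware output
    print("bypass design, output attacker-determined:", attacker_controls_output(extract_bypass, word))
    print("mixed design,  output attacker-determined:", attacker_controls_output(extract_mixed, word))
```

Under the bypass design the consumer receives exactly the adversary's word; under the mixed design the same adversary only contributes one input, and the remaining pool state still decides the output.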