Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: regarding the changes to kernel entropy gathering

> I am still of the fairly firm beleif that the mistrust in the
> hardware vendors' ability to make a reasonable and robust
> implementation is without foundation.

I don't doubt the ability.  I don't doubt that they _can_.

I question whether they _do_.  (And, indeed, there has been at least
one incident that demonstrates that on occasion they don't.)

If I am ever in a situation where I need randomness good enough that I
care about things like the accuracy of entropy estimates, I expect the
applicable threat model will consider CPU manufacturers untrusted.
Thus, I would want the system to consider RDRAND and its ilk same as
any potential other source of entropy: trusted to generate real
unpredictability only when specifically configured that way.  (The
question of what the default should be is a separate one.)

Of course, in a situation like that, I would also want to do all the
relevant processing on CPUs (and, where applicable, other hardware) old
enough to predate the reasons for caring about that level of
unpredictability, because it makes them significantly less likely to
have been trojaned.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index