
8 Sep 2013, 12:24 a.m.
On 7 September 2013 04:30, Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
So, if we have a new enough [3rd gen or later] Intel CPU, then chances are that the random number generator will bring in issues that will interfere with the security of GPG when generating keys, due to NSA "requirements".
On 7 September 2013 07:41, Rick Moen <rick@linuxmafia.com> wrote:
Fortunately, there's no special reason to rely primarily on built-in microcode routines for things like RNGs.
I'm glad Ted Ts'o also understands the need to avoid opaque instruction sets that can't be independently audited, and has resisted pressure from Intel engineers to allow /dev/random to rely solely on the RDRAND instruction. ~J
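The design choice the thread endorses, hashing an unauditable hardware source together with independent sources rather than trusting it alone, shown as an added example. This is not the Linux kernel's /dev/random code and not code from either poster; the `Pool`, `mix_sources` and `looks_stuck` names, the domain label, the sample sources and the stuck-source window are assumptions made for the illustration.

```python
import hashlib
import os
import time
from typing import Callable, Dict, List

SourceFn = Callable[[int], bytes]


def mix_sources(domain: bytes, samples: Dict[str, bytes]) -> bytes:
    """Derive one 32-byte seed from several entropy samples with SHA-256.

    Every sample is bound to its source name and length-prefixed, so one
    source cannot spill bytes into another source's field. If at least one
    input is unpredictable to an attacker, the digest is unpredictable too,
    whatever the other inputs contain: a chosen input cannot cancel the
    contribution of an unknown one under a preimage-resistant hash.
    """
    h = hashlib.sha256()
    h.update(len(domain).to_bytes(4, "big") + domain)
    for name in sorted(samples):  # fixed order: same inputs -> same seed
        label = name.encode()
        data = samples[name]
        h.update(len(label).to_bytes(4, "big") + label)
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


def looks_stuck(history: List[bytes], window: int = 8) -> bool:
    """Continuous health test (assumed window): a source that returns the
    same output `window` times in a row is treated as failed."""
    if len(history) < window:
        return False
    tail = history[-window:]
    return all(x == tail[0] for x in tail)


# Constructed sources for the illustration. hardware_rng stands in for an
# instruction that cannot be audited; os_entropy and timing_jitter are the
# independent inputs it is mixed with (timing_jitter is weak on its own and
# is only ever one contributor among several).
def hardware_rng(n: int) -> bytes:
    return os.urandom(n)


def os_entropy(n: int) -> bytes:
    return os.urandom(n)


def timing_jitter(n: int) -> bytes:
    return bytes(time.perf_counter_ns() & 0xFF for _ in range(n))


class Pool:
    """Collects a sample from every source, drops sources that fail the
    health test, and hashes the survivors into a seed."""

    def __init__(self, sources: Dict[str, SourceFn], sample_len: int = 32):
        self.sources = sources
        self.sample_len = sample_len
        self.history: Dict[str, List[bytes]] = {name: [] for name in sources}
        self.last_contributors: List[str] = []

    def seed(self) -> bytes:
        samples: Dict[str, bytes] = {}
        for name, fn in self.sources.items():
            data = fn(self.sample_len)
            hist = self.history[name]
            hist.append(data)
            del hist[:-16]  # bounded history for the health test
            if looks_stuck(hist):
                continue  # a failed source contributes nothing
            samples[name] = data
        if not samples:
            raise RuntimeError("every entropy source failed its health test")
        self.last_contributors = sorted(samples)
        return mix_sources(b"example-pool-v1", samples)


if __name__ == "__main__":
    pool = Pool({"hw": hardware_rng, "os": os_entropy, "jitter": timing_jitter})
    print(pool.seed().hex(), "from", pool.last_contributors)
```

Because the hardware output is hashed with the other inputs rather than used directly, a source that is biased, stuck, or even attacker-chosen can lower the pool's entropy at worst to what the remaining sources supply, which is the property the posters are relying on when they prefer mixing over sole reliance on one instruction.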