On Mon, Jun 18, 2012 at 09:58:59PM -0700, coderman wrote:
> this is very useful to have in some configurations (not just testing).
> for example: a user space entropy daemon consuming raw, biased,
> un-whitened, full throughput bits of lower entropy density which is
> run through sanity checks, entropy estimates, and other vetting before
> mixing/obscuring state, and feeding into host or application entropy
> pools.
Sanity checks, entropy estimates, and other vetting *which the output of a DRBG keyed in a known way by your adversary will pass without a hint of trouble*.

It seems to me the only reason you'd benefit from access to the raw source would be if you believed Intel might have goofed the sanity checks. For my part, I am happy to rely on CRI's assurance that Intel's sanity checks are good.

The only defense against a deliberately compromised hardware RNG is to mix it with something else.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
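The two points made in this reply, as an added illustration that is not part of the thread: a toy hash-counter DRBG (an illustrative construction, not Intel's design) whose key the adversary knows sails through a monobit sanity test, while a keyed-hash combiner with an independent source is what actually takes control away from a single bad generator. The key, the "jitter" stand-in and the test threshold are constructed for the example.

```python
import hashlib
import hmac
import math


def known_key_drbg(key: bytes, nbytes: int) -> bytes:
    """Toy hash-counter DRBG: SHA-256(key || counter). Illustrative only,
    not Intel's design. Anyone holding `key` reproduces every output byte."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_pvalue(data: bytes) -> float:
    """Frequency (monobit) test in the style of NIST SP 800-22: p-value from
    the normalised excess of ones over zeros. Near 0 means badly biased."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def passes_sanity(data: bytes, alpha: float = 0.01) -> bool:
    """The kind of vetting a user-space entropy daemon might apply."""
    return monobit_pvalue(data) >= alpha


def mix_sources(hw_bits: bytes, independent_bits: bytes) -> bytes:
    """Defensive combiner: keyed hash of the hardware output under a key taken
    from an independent source. The result stays unpredictable as long as at
    least one input is, so a compromised hardware RNG alone cannot control it."""
    return hmac.new(independent_bits, hw_bits, hashlib.sha256).digest()


if __name__ == "__main__":
    backdoored = known_key_drbg(b"key-known-to-adversary", 4096)  # constructed
    print("known-key DRBG passes monobit test:", passes_sanity(backdoored))
    print("all-zero stream passes monobit test:", passes_sanity(bytes(4096)))
    other = hashlib.sha256(b"timing jitter sample").digest()  # constructed stand-in
    print("mixed output:", mix_sources(backdoored, other).hex())
```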
