On Tue, May 26, 2015 at 7:27 PM, Russell Leidich <[email protected]> wrote:
> Unfortunately, that page doesn't provide insights as to why that piece of > advice was issued. > > On Wed, May 27, 2015 at 2:11 AM, Naveen Nathan <[email protected]> > wrote: > >> Avoid: userspace random number generators, havaged, prngd, egd, >> /dev/random. >> Source: https://gist.github.com/tqbf/be58d2d39690c3b366ad > > The author Thomas Ptacek has a longer post on why people should just use /dev/urandom: http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ Relying solely on the TSC seems like a bad idea because: 1) userspace access may be disabled for security purposes with the TSD bit 2) TSC measurements may be influenced by processes on other cores able to induce SMIs.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
