This is indeed what Linux does. It doesn't use the Intel instructions as random source, but it uses them as input. Disclaimer: I'm not very knowledgeable in this field.
On 14/03/15 16:33, Mobile Mouse wrote:
> On Intel platforms I would definitely mix the RDRAND output in, at any cost.
> Otherwise I'm probably OK with the native RNG...
>
> Sent from my iPad
>
>> On Mar 14, 2015, at 10:56, Ruben De Smet <[email protected]> wrote:
>>
>>> On 14/03/15 15:36, Jean-Pierre Münch wrote:
>>> Hey everyone,
>>>
>>> as you may or may not know I'm currently modernizing Crypto++ to some
>>> extent.
>>> During some of my other research I noticed that the LibreSSL team decided
>>> to drop their (OpenSSL's) PRNG.
>>> They stated that it's not the job of the TLS library to provide users with
>>> randomness but rather the OS's job.
>>>
>>> So here comes my question:
>>>
>>> How far do we trust the PRNGs of Windows (CryptGenRandom()) and UNIX
>>> (/dev/random?)?
>>
>> As far as I know a thing about crypto, I'm going to throw my opinion in
>> this starting discussion, while it's still new ;)
>>
>> Me too, I think it's the OS's job to do rng. AFAIK, Linux does a fairly
>> good job on that; it uses a lot of different sources for entropy.
>> Sources which CryptoPP/userland cannot access: Intel CPU entropy
>> generator, network chatter, USB chatter.
>>
>> I would trust my /dev/random. I wouldn't trust Windows' RNG though, but
>> I wouldn't trust any random generator on a closed source system.
>>
>>>
>>> Is it necessary to find any source of potential entropy we can get or do
>>> we just sit there and use the entropy the OS provides to us?
>>>
>>> Depending on your answers I'll adapt my Fortuna implementation (if we trust
>>> in the OS, the OS will feed the pools, if not I have to do it).
>>>
>>> Now the master question: CAN we even get GOOD entropy in USERLAND? (->
>>> Crypto++'s main usage)
>>>
>>> BR
>>>
>>> JPM
>>
>>
>> --
>> --
>> You received this message because you are subscribed to the "Crypto++ Users"
>> Google Group.
>> To unsubscribe, send an email to [email protected].
>> More information about Crypto++ and this group is available at
>> http://www.cryptopp.com.
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Crypto++ Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
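The two positions in this thread (Linux treating the CPU instruction as one input rather than the source, and "mix the RDRAND output in, at any cost") describe the same seeding pattern, shown below as an added C++ example. It is not Crypto++ code and not the kernel's implementation. It assumes a Unix `/dev/urandom` as the OS source and GCC or Clang on x86-64 for the RDRAND path (other targets compile with that path disabled); the bounded retry on a CF=0 result follows Intel's published guidance of 10 attempts.

```cpp
// Added example (not Crypto++ code): seed a userland generator from the OS
// CSPRNG and, where the CPU offers it, XOR RDRAND output into that seed.
// Assumptions: a Unix /dev/urandom; an x86-64 build with GCC or Clang for
// the RDRAND path (other targets simply skip it).
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <vector>
#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
#include <cpuid.h>
#define HAVE_X86_RDRAND 1
#endif

// OS source: the kernel-maintained pool. Returns false if it cannot be read,
// so the caller can fail closed instead of keying with a zeroed buffer.
bool fill_os_random(std::vector<uint8_t>& buf) {
    std::ifstream f("/dev/urandom", std::ios::binary);
    if (!f) return false;
    f.read(reinterpret_cast<char*>(buf.data()),
           static_cast<std::streamsize>(buf.size()));
    return f.gcount() == static_cast<std::streamsize>(buf.size());
}

// CPUID leaf 1, ECX bit 30 advertises RDRAND.
bool rdrand_supported() {
#ifdef HAVE_X86_RDRAND
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return false;
    return (ecx & (1u << 30)) != 0;
#else
    return false;
#endif
}

// One RDRAND word. The instruction signals failure through CF=0, so retry a
// bounded number of times rather than trusting whatever is left in the register.
bool rdrand64(uint64_t& out) {
#ifdef HAVE_X86_RDRAND
    for (int attempt = 0; attempt < 10; ++attempt) {
        uint64_t v;
        unsigned char ok;
        __asm__ volatile("rdrand %0; setc %1" : "=r"(v), "=qm"(ok) : : "cc");
        if (ok) { out = v; return true; }
    }
#endif
    (void)out;
    return false;
}

// Combiner: byte-wise XOR. If either input is uniform and independent of the
// other, the result is uniform, so mixing a second source cannot make the seed
// worse than its best input. A shorter second input only touches its own prefix.
std::vector<uint8_t> xor_mix(const std::vector<uint8_t>& a,
                             const std::vector<uint8_t>& b) {
    std::vector<uint8_t> out(a);
    for (size_t i = 0; i < out.size() && i < b.size(); ++i) out[i] ^= b[i];
    return out;
}

// Collect n bytes from RDRAND, or an empty vector if the CPU lacks it or it
// keeps failing (no partial hardware output is ever returned).
std::vector<uint8_t> hw_random(size_t n) {
    std::vector<uint8_t> out;
    if (!rdrand_supported()) return out;
    while (out.size() < n) {
        uint64_t v;
        if (!rdrand64(v)) return std::vector<uint8_t>();
        size_t take = std::min<size_t>(sizeof v, n - out.size());
        const uint8_t* p = reinterpret_cast<const uint8_t*>(&v);
        out.insert(out.end(), p, p + take);
    }
    return out;
}

// The seed a userland DRBG (Fortuna in the thread's case) would be keyed with:
// OS bytes always, hardware bytes mixed in whenever present, empty on failure.
std::vector<uint8_t> seed_bytes(size_t n) {
    std::vector<uint8_t> os(n);
    if (!fill_os_random(os)) return std::vector<uint8_t>();
    std::vector<uint8_t> hw = hw_random(n);
    return hw.empty() ? os : xor_mix(os, hw);
}

int main() {
    std::vector<uint8_t> seed = seed_bytes(32);
    if (seed.empty()) { std::puts("OS random source unavailable"); return 1; }
    std::printf("rdrand mixed in: %s\nseed: ", rdrand_supported() ? "yes" : "no");
    for (uint8_t b : seed) std::printf("%02x", b);
    std::puts("");
    return 0;
}
```

XOR is the combiner Linux used for this particular step at the time of the thread (the architectural random words were XORed into the hash output when extracting from the pool); when the sources cannot be assumed independent and uniform, feed them into a hash-based pool (which is what Fortuna's pools already do) rather than XORing them directly.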
