Mick <michaelkintzios <at> gmail.com> writes: > What if the > RNG you use on your PC is either backdoored by Intel (if hardware > generated), or it has such a low entropy that it is trivial to > crack its algorithmic derivatives.
Rest easy here. ALL commercial hardware is "backdoor" at the silicon layer, not only by US interests, but various others, with extreme amounts of financial resources. That is a whole other topic. If you want to fix that, you'd better plan on building up, from a FPGA or such. [1] I usually do not work about such powerful forces as they usually "police" their own. If you are part of an anarchy, terrorist to looking to supplant those folks, then you have to worry about them. I'm more concerned with the petty criminals, interlopers, and script_kiddies who destroy things for fun. So hardwware comprises, although fully acknowledged, are of little concern to me, as they are closely managed by folks with a very limited scope of usage. Furthermore, the way they propage their (digitally undetecable, low bandwidwth) information pretty much makes them immune from exploitation by the pecker_heads (hacking commmunity without access to billions of dollars nor Rf signal intercept resources). It's pretty much the domain of a few dozen "nation states". > I was quite surprised to see that the random pool available on a > laptop I was working on at the time, was exceedingly lower than > the 4096 max entropy. > Try this to see yours: cat /proc/sys/kernel/random/entropy_avail > > I now run sys-apps/haveged in the background, at least when I am > generating ssl/gpg/ssh keys. Interesting [2] Do you have a formal document/wiki that explains it's usage in some detail? Some further discussion on it's usage and verification would be interested. Maybe "haveged " should have it's own page on the gentoo wiki? Do tell more on this. my FX-8350 came back with: entropy_avail 2188. It seems low and I would think that it is fixable in the kernel sources? Do tell me more on entropy, or anyone else that can delineate this entropy further......? > > [1] > > http://arstechnica.com/information-technology/2014/04/openssl- > > code-beyond-repair-claims-creator-of-libressl-fork/ > > Useful to know someone is cleansing the code. Thanks for sharing! The Rat is a very interesting humanoid. He has worked both sides of the fence and is a brilliant coder; idolized my some (many?) young pups...... [3] [1] http://opencores.org/ [2] http://www.issihosts.com/haveged/history.html [3] http://www.theos.com/deraadt/
