On Tuesday, 3 December 2013, 15:25:22, coderman wrote:

Hi coderman,

> On Mon, Dec 2, 2013 at 11:02 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> > ...
> > Interesting: I have the same type of discussion (SP800-90B) to prepare (and
> > even went through it -- see [1]) and I do not see it that problematic, if
> > you have the right hooks into your noise source implementation (and I
> > could imagine that this is a challenge with the current RDSEED/RDRAND
> > implementation).
>
> one of the beautiful aspects of the RDRAND/RDSEED design is that
> un-trusting consumers can use it concurrently without leaking any
> useful information between them. consider multiple guest OS'es using
> the instruction directly.
>
> raw sampling of the sources would provide bias that _might_ be useful
> to a malicious consumer attempting to compromise the entropy of other
> processes or domains, if done naively.

I concur with you here. And I do not ask for the availability of that information at any privilege level. I would be fine if that is available only in ring 0 and in VM root mode.

> > I spoke with several NIST folks involved in the RNG process in September.
> > And they are not ignorant. Therefore, I would not suggest that we imply
> > anything here!
>
> are there other organizations that might provide some weight to these
> efforts? IETF?

The German BSI has been performing RNG analyses for quite some time. See https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.pdf

Ciao
Stephan

--
| Cui bono? |

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
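The thread turns on two linked points: an SP 800-90B assessment needs raw noise-source samples (the "right hooks"), and those same raw samples expose a bias that the conditioned RDRAND/RDSEED output hides. The following is an added illustration, not code from the thread or from any Intel or NIST tool: it implements the SP 800-90B section 6.3.1 Most Common Value (MCV) min-entropy estimate and runs it over a constructed, deliberately biased bit source, over those bits packed into bytes, and over a SHA-256 conditioned version of the same stream. The source, its bias of 0.7, the block size and the seed are all assumptions chosen for the demonstration.

```python
"""Added example (not part of the original thread): SP 800-90B MCV estimate
over constructed raw noise samples versus their conditioned output."""
import hashlib
import math
import random


def mcv_min_entropy(samples):
    """SP 800-90B, section 6.3.1, Most Common Value estimate.

    p_hat is the empirical probability of the most frequent symbol, p_u the
    upper end of a 99% confidence interval around it (z = 2.576), and the
    result is -log2(p_u), a lower bound on min-entropy in bits per sample.
    MCV assumes IID samples; a full 90B non-IID track takes the minimum over
    several estimators, so this is the optimistic end of that assessment.
    """
    L = len(samples)
    if L < 2:
        raise ValueError("need at least two samples")
    counts = {}
    for s in samples:
        counts[s] = counts.get(s, 0) + 1
    p_hat = max(counts.values()) / L
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (L - 1)))
    return -math.log2(p_u)


def constructed_raw_bits(n, p_one=0.7, seed=1):
    """Constructed stand-in for a raw noise source with a fixed 1-bias.
    A real ring-oscillator or thermal source is not IID; this one is, which
    keeps the MCV assumptions honest for the demonstration."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def pack_bits(bits):
    """Pack bits MSB-first into bytes; len(bits) must be a multiple of 8."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def condition(raw, in_block=64):
    """Assumed hash conditioner: each 64 raw bytes -> 32 output bytes.
    At roughly 0.5 bit of min-entropy per raw bit each block carries about
    250 bits, so the output looks near full-entropy to a sample-level test
    even though the input is badly biased."""
    out = bytearray()
    for i in range(0, len(raw) - in_block + 1, in_block):
        out += hashlib.sha256(raw[i:i + in_block]).digest()
    return bytes(out)


def compare(n_bits=65536):
    """Return MCV estimates (bits per sample) for raw bits, raw bytes and
    conditioned bytes of the same constructed stream."""
    bits = constructed_raw_bits(n_bits)
    raw = pack_bits(bits)
    cond = condition(raw)
    return {
        "raw_bit": mcv_min_entropy(bits),
        "raw_byte": mcv_min_entropy(raw),
        "cond_byte": mcv_min_entropy(cond),
    }


if __name__ == "__main__":
    for name, h in compare().items():
        print(f"{name}: {h:.3f} bits/sample")
```

The raw bit stream scores about 0.5 bit per sample and the raw bytes about 4 bits per byte, which is exactly the figure a 90B submission has to justify and exactly the bias a co-tenant could exploit if it could read the raw samples; the conditioned bytes score close to 8 bits, limited only by sample count, so an assessment that only ever sees conditioned output learns nothing about the source. That is the case for a raw-sample hook that is reachable from ring 0 or VMX root only.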