| From: Christopher Browne via talk <[email protected]>
|
| This sure seems to point at rdrand being a scary feature to consider using.

I put the blame squarely on AMD. They've botched rdrand a couple of times. It's not really our job to wonder if instructions aren't implemented correctly. Imagine if FDIV didn't work? Whose problem would that be?

| I imagine that it would be better to access /dev/urandom or /dev/random,
| and have those facilities mix rdrand in somewhat, if possible.

In this case, not really. Read the comments in the code (not the commit):

<https://github.com/systemd/systemd/blob/master/src/basic/random-util.c>

rdrand is suspect for another reason. We have no way of knowing if rdrand has hidden structure. Such a compromise would amount to a backdoor into most crypto. But systemd folks say that their application of the output of rdrand doesn't need strong random numbers.

---
Talk Mailing List
[email protected]
https://gtalug.org/mailman/listinfo/talk
