[Ach] question / recommendations on hardware RNG sources?
iang at iang.org
Wed Dec 11 12:27:45 CET 2013
On 11/12/13 09:58 AM, ianG wrote:
> This is indeed the problem with RNGs. They are hard to recommend;
> whichever statement you come up with, it likely takes the follower down
> a rabbit hole, which is no good recommendation.
> In the sense of what the paper is trying to achieve, I generally
> recommend that, if you don't care that much, use what the platform
> provides. If you care more than that, you have to write your own. There
> is no in-between, ... for the reasons that you are discovering, every
> 'product' out there has to be audited in depth to find out if it is
> kosher random, and once you do that, you may as well just write your own.
As an example of "if you do care" aka "if you are the platform" here's
what FreeBSD just decided:
Developers of the FreeBSD operating system will no longer allow users to
trust processors manufactured by Intel and Via Technologies as the sole
source of random numbers needed to generate cryptographic keys that
can't easily be cracked by government spies and other adversaries.
"For 10, we are going to backtrack and remove RDRAND and Padlock
backends and feed them into Yarrow instead of delivering their output
directly to /dev/random," FreeBSD developers said. "It will still be
possible to access hardware random number generators, that is, RDRAND,
Padlock etc., directly by inline assembly or by using OpenSSL from
userland, if required, but we cannot trust them any more."
More information about the Ach