
That's not true, because the RDRAND entropy is mixed in last. So once you're under the assumption that RDRAND is nefarious, the microcode only needs to detect the rdrand-to-xor pattern to make the entire entropy pool predictable (for example: by setting the non-rdrand input to the xor operation to zero it could disable all other entropy sources).



A microcode backdoor capable of reading the existing entropy pool state is going to be a hell of a lot more powerful than a RDRAND backdoor, to the point of making a RDRAND backdoor worthless.
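A toy model of the point both comments turn on, added here as an illustration and not written by either commenter: XOR-ing a hardware word in last is harmless when the source cannot see the other XOR operand, and fully predictable when it can. All names are hypothetical, the pool words are constructed sample data, and nothing here models real microcode or the kernel's actual mixing code.

```python
import random

WORD_BITS = 64


def mix_xor_last(pool_word, hw_word):
    """Model of the construction under discussion: hardware word XORed in last."""
    return pool_word ^ hw_word


def constant_source(value):
    """Pool-blind source with no entropy of its own (worst case for a blind source)."""
    return lambda pool_word: value


def pool_aware_source(target):
    """Hypothetical source that can observe the other XOR operand."""
    return lambda pool_word: pool_word ^ target


def run(source, pool_words):
    """Final outputs when each pool word is mixed with what the source returns."""
    return [mix_xor_last(p, source(p)) for p in pool_words]


def sample_pool(n, seed=1):
    # Constructed sample input: seeded PRNG for reproducibility, not a CSPRNG.
    rng = random.Random(seed)
    return [rng.getrandbits(WORD_BITS) for _ in range(n)]


if __name__ == "__main__":
    pool = sample_pool(1000)
    blind = run(constant_source(0xFFFF), pool)
    aware = run(pool_aware_source(0), pool)
    # XOR with a fixed value is a bijection, so the pool's variety survives.
    print("pool-blind source, distinct outputs:", len(set(blind)))
    # A source that sees the operand collapses every output to one value.
    print("pool-aware source, distinct outputs:", len(set(aware)))
```

The whole disagreement is about which of the two source models applies: the second only works if the hardware can read the value it is being XORed with.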



