There's a big difference between "We shouldn't assign 100% trust to any particular HWRNG" and "RDRAND IS TEH BACKDOOR!!!!11!"
@DefuseSec @matthew_d_green @nickm_tor Result of discussion of cloning kernel PRNG state during VM cloning, but now I don't remember details
@DefuseSec @matthew_d_green @nickm_tor It may very well have been the wrong conclusion. Something to think about.
@BRIAN_____ @matthew_d_green @nickm_tor Ah, good point. Although, that wouldn't break mixing other entropy with RDRAND (if done properly).
@DefuseSec @BRIAN_____ @nickm_tor Yes, but this can be a problem for forks. Using pure RDRAND is fork-safe, the OpenSSL RNG is not so.
@matthew_d_green @BRIAN_____ @nickm_tor Even if it's mixed right before use, e.g. SHA512(other_entropy||RDRAND)?
@matthew_d_green @BRIAN_____ @nickm_tor If othr_entrpy is cloned, RDRAND saves it. If that's broken, it still is if forkd right after RDRAND
@matthew_d_green @BRIAN_____ (example: GPG pulls a bunch of values from RDRAND, the VM gets cloned, then both generate the same RSA key)