Oh my. Apparently, AMD CPUs will sometimes return bad results from RDRAND after a suspend. That's bad, but if everyone has been following the cryptographer's advice and _just used getrandom()_ that's not a problem. ... nope! systemd of course didn't! https://github.com/systemd/systemd/issues/11810#issuecomment-489727505 …
Oh but it is! With the right flags, getrandom() will not block, and urandom doesn't either. And the kernel does mix in all sort of stuff. Strong full agree that the blocking behavior is madness, and the source of a lot of these issues.
With the right flags is the problem! Developers end up thinking there's something lesser about urandom. I just want to nuke it all from orbit. Generating terabits of secure randomness does not take much entropy!
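The "right flags" point in the two replies above, as an added example that is not from the thread or from systemd: a small getrandom(2) wrapper that never touches RDRAND directly, handles EINTR and short reads, and uses GRND_NONBLOCK so a daemon can detect an unseeded pool at early boot instead of hanging. It assumes Linux with a libc that exposes sys/random.h (glibc 2.25 or later); the function names are mine.

```c
/* Added example (not part of the thread): getrandom(2) with explicit flags.
 * Assumes Linux and glibc >= 2.25 for <sys/random.h>. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* Fill buf with len bytes from the kernel CSPRNG.
 * flags is 0 (block only until the pool is seeded once, then never again)
 * or GRND_NONBLOCK (fail with errno == EAGAIN instead of blocking).
 * Returns 0 on success, -1 with errno set on failure.
 * getrandom() may return fewer bytes than asked (requests over 256 bytes
 * can be cut short) and may fail with EINTR, so loop on both. */
int fill_random(void *buf, size_t len, unsigned int flags)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;      /* interrupted by a signal: just retry */
            return -1;         /* EAGAIN (unseeded + NONBLOCK) or a real error */
        }
        p += (size_t)n;
        len -= (size_t)n;
    }
    return 0;
}

/* Paranoia check for callers: an all-zero key almost always means an
 * ignored error or an uninitialized buffer, not bad kernel output. */
int buffer_is_all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Pattern for a service that wants to know whether the pool is ready:
 * try non-blocking first, log if the CRNG is still unseeded, then fall
 * back to the blocking call (which returns immediately once seeded).
 * Returns 0 on success, -1 on failure. */
int get_key_reporting_readiness(unsigned char *key, size_t len)
{
    if (fill_random(key, len, GRND_NONBLOCK) == 0)
        return 0;
    if (errno != EAGAIN)
        return -1;                         /* ENOSYS, EFAULT, EINVAL, ... */
    fprintf(stderr, "CRNG not seeded yet; blocking until it is\n");
    return fill_random(key, len, 0);
}

int main(void)
{
    unsigned char key[32];
    if (get_key_reporting_readiness(key, sizeof key) != 0) {
        perror("getrandom");
        return 1;
    }
    printf("got %zu key bytes, all-zero=%d\n", sizeof key,
           buffer_is_all_zero(key, sizeof key));
    return 0;
}
```

The only moment a call with flags=0 can block is before the kernel's pool has been initialized for the first time after boot; after that both flag variants return immediately, which is why a userspace fallback to RDRAND or /dev/urandom buys nothing once the pool is seeded.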
The attacks against the bit-flip method don't apply if it's happening in ring 0 as the system is booted. It's effectively a measure of HW clock and CPU precision. I still wouldn't call it sufficient on its own, but it's a good start before more interrupts can be timed.