[148454] in cryptography@c2.net mail archive


Re: [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's

daemon@ATHENA.MIT.EDU (ianG)
Sat Dec 14 02:00:59 2013

X-Original-To: cryptography@metzdowd.com
Date: Sat, 14 Dec 2013 09:49:12 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com, John Kelsey <crypto.jmk@gmail.com>
In-Reply-To: <86CC5021-CF61-4F42-83F3-C7CBC741C414@gmail.com>

On 13/12/13 21:24 PM, John Kelsey wrote:
> Why not just XOR RD_RAND outputs with Yarrow outputs?  That guarantees strong results if either one is good.


That would be to reinvent Yarrow?

If that were known as Linux's approach, and RDRAND were spiked, it 
would be a simple matter to spike the RDRAND in microcode again (a 
known/suspected capability).

Perhaps to unXOR the contents of the previous instruction and XOR in the 
secret stream...

iang

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
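The two combiners under discussion, modelled as an added example (this is not code from either poster, Linux, or Yarrow). The honest software source and the "spiked" hardware source are constructed Python functions; the hardware model follows ianG's scenario in which the spiked instruction can see the value it is about to be XORed with. `secret_stream`, `adversarial_rdrand` and the tagged SHA-256 combiner are hypothetical stand-ins chosen for illustration:

```python
import hashlib
import os

N = 32  # bytes per output


def honest_source(n=N):
    """Constructed stand-in for the software RNG (Yarrow in the thread)."""
    return os.urandom(n)


def secret_stream(n=N):
    """Constructed: the stream the spiked hardware wants the system to emit."""
    return bytes([0x42]) * n


def adversarial_rdrand(observed_other, n=N):
    """Model of the spiked RDRAND: it observes the honest bytes it will be
    XORed with and returns honest ^ target, so the XOR combiner emits target.
    (Hypothetical model, not a claim about any real microcode.)"""
    target = secret_stream(n)
    return bytes(a ^ b for a, b in zip(observed_other, target))


def xor_combine(a, b):
    """Kelsey's proposal: plain XOR of the two source outputs."""
    return bytes(x ^ y for x, y in zip(a, b))


def hash_combine(a, b):
    """Constructed hash-based combiner (the general shape of a Yarrow-style
    pool, not Yarrow itself): both inputs are hashed together with tags."""
    return hashlib.sha256(b"hw:" + a + b"|sw:" + b).digest()


def xor_with_adaptive_adversary():
    """True if the adaptive hardware source forces the XOR output to target."""
    y = honest_source()
    r = adversarial_rdrand(y)
    return xor_combine(y, r) == secret_stream()


def hash_with_adaptive_adversary():
    """Same adversary, but the hash combiner: forcing output == target would
    need a SHA-256 preimage, so this is False except with negligible chance."""
    y = honest_source()
    r = adversarial_rdrand(y)
    return hash_combine(y, r) == secret_stream()


def bias_hash_output(tries=64):
    """Caveat: a source that sees the other input can still *bias* a hash
    combiner by trying candidates until some output property holds (here:
    low bit zero). Returns True once it succeeds within `tries`."""
    y = honest_source()
    for i in range(tries):
        candidate = i.to_bytes(N, "big")
        if hash_combine(y, candidate)[-1] & 1 == 0:
            return True
    return False


if __name__ == "__main__":
    print("XOR forced to target:", xor_with_adaptive_adversary())
    print("hash forced to target:", hash_with_adaptive_adversary())
    print("hash output biased:", bias_hash_output())
```

The XOR combiner is only as strong as the independence of its inputs: "strong if either source is good" holds when the bad source cannot see the good one, and collapses as soon as it can. Hashing both inputs stops the output from being set to a chosen value, but an adversarial input that observes the other source can still select among candidates, which is why the last function succeeds.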
