Martijn van Oosterhout said [Fri, Jun 13, 2014 at 10:09:02AM +0200]:
> > Excuse me if I'm blunt here, but I understand that, on the point of
> > using entropy to seed a PRNG, if you have several shitty entropy
> > sources and one _really_ good one, and you xor them all together, the
> > resulting output is as random as the best of them. If your hardware
> > entropy source is faulted and produces just an endless stream of
> > '001001001001001001', xoring it with a valid Golomb sequence will give
> > you something even more random than a Golomb sequence.
> >
> > Or am I misunderstanding my crypto?
>
> The proof that XORing streams can't reduce the entropy relies on the
> sources being independent. I think the issue here is we don't know if
> RDRAND is independent or not. That said, doing a SHA256 over the output
> should be sufficient (assuming the CPU doesn't see you're doing a hash and
> short circuits it).
Of course. Were your CPU to have a SHA256-defeating algorithm, it would have to detect the purpose it was being used for, or problems would be easily detected :)

Archive: https://lists.debian.org/20140613125118.ga18...@gwolf.org
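The two mixing strategies discussed in the thread, as an added illustration that is not part of the original messages: XOR preserves the entropy of the best source only while the sources are independent (a source that merely copies the other cancels it out to zeros), whereas folding the inputs through SHA-256 has no such cancellation. The "faulty hardware" stream and the seeded PRNG standing in for a good source are constructed for the demo, not real entropy.

```python
import hashlib
import math
import random
from collections import Counter


def faulty_source(n_bytes):
    """Constructed broken-hardware source: the bit stream 001001001... packed into bytes."""
    bits = ("001" * (n_bytes * 8 // 3 + 1))[: n_bytes * 8]
    return int(bits, 2).to_bytes(n_bytes, "big")


def good_source(n_bytes, seed=1):
    """Stand-in for a trustworthy source; a seeded PRNG so the demo is reproducible (constructed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n_bytes))


def xor_mix(*streams):
    """XOR equal-length streams byte by byte, the scheme the quoted mail describes."""
    n = len(streams[0])
    assert all(len(s) == n for s in streams), "streams must have equal length"
    out = bytearray(n)
    for s in streams:
        for i, b in enumerate(s):
            out[i] ^= b
    return bytes(out)


def hash_mix(*streams):
    """Fold every stream through SHA-256 (length-prefixed so stream boundaries are unambiguous).

    Returns a 32-byte seed; a dependent or degenerate input cannot cancel the others out.
    """
    h = hashlib.sha256()
    for s in streams:
        h.update(len(s).to_bytes(8, "big"))
        h.update(s)
    return h.digest()


def byte_entropy(data):
    """Shannon entropy estimate in bits per byte (8.0 is the maximum for uniform bytes)."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())
```

`byte_entropy(xor_mix(good, faulty))` stays close to that of `good` alone, while `xor_mix(good, good)` (the non-independent case) collapses to all zeros with entropy 0.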