> Is that file encrypted? As I understand it, no.
> I think I'd prefer possibly insecure, but difficult to obtain from outside
> like disk drive interrupt timing low order bits than that. Regardless of
> how unproven that method might be.

Do note, the existing randomness sources are still being sampled and mixed into the pool, so even if the starting state from the saved entropy may be known (by violating the security of the storage), it's still not possible to predict the complete stream of randomness data once the system has seen a bit of uptime (given that there are actual other sources of (unverified) entropy which aren't all of too low quality).

However, in the new scheme of things, because most of the traditional sources have unknown quality, and we have no reliable method to estimate how much "actual entropy" those sources provide, they no longer count towards the *estimate* of what is now a lower bound on the "real" entropy available in the pool.

> Lastly, why would anyone presume that RDRAND generates less predictable
> bits (less predictable to someone who knows how it works) than any of
> the other methods that are used.

Looking at https://en.wikipedia.org/wiki/RDRAND and the reference [3] at
http://software.intel.com/sites/default/files/m/d/4/1/d/8/441_Intel_R__DRNG_Software_Implementation_Guide_final_Aug7.pdf
reveals that the on-chip entropy source samples thermal noise on the chip, ref. page 12 where it says:

    The Entropy Source runs asynchronously on a self-timed circuit and uses
    thermal noise within the silicon to output a random stream of bits at
    the rate of 3GHz.

That bitstream is then fed through an "AES-CBC-MAC" based conditioner and an AES-CTR based deterministic random bit generator, before the result is given to the user via RDRAND.

If I'm not very much mistaken, thermal noise is one of the well-known physical sources of actual entropy.

Besides, the implementation has been thoroughly vetted. E.g. the reference [7] from the wikipedia article states in the conclusion on page 20:

    Overall, the Ivy Bridge RNG is a robust design with a large margin of
    safety that ensures good random data is generated even if the Entropy
    Source is not operating as well as predicted.

Personally, I as a non-expert can't find anything which seems overly worrisome with RDRAND.

Best regards,
- Håvard
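The pipeline described in the message ends at the RDRAND instruction, and the Intel guide it cites also specifies how software is meant to consume that instruction: confirm support via CPUID before use, check the carry flag after every call (CF=0 means the DRBG could not deliver a value), and retry a bounded number of times (the guide uses 10) rather than spin or silently use the register contents. The program below is an added example, not part of the original message and not Intel's or the kernel's code. It assumes GCC or Clang on x86-64 (on other architectures it still compiles but reports RDRAND as unsupported), and it finishes by XOR-ing the RDRAND output into a constructed "pool" whose initial contents stand in for a saved-entropy file an attacker might have read, to illustrate the point made above that sources are mixed into the pool rather than substituted for it.

```c
/*
 * Added example (not from the original post, Intel or the Linux kernel):
 * consuming RDRAND the way the Intel DRNG Software Implementation Guide
 * describes, then mixing the result into an existing pool.
 *
 * Assumptions: GCC or Clang; the RDRAND path is only built on x86-64.
 * On other architectures cpu_has_rdrand() reports 0 and nothing is read.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__)
#include <cpuid.h>
#define HAVE_RDRAND_ASM 1
#else
#define HAVE_RDRAND_ASM 0
#endif

#define RDRAND_RETRIES 10   /* retry budget recommended by the Intel guide */

/* CPUID.01H:ECX bit 30 advertises RDRAND. Returns 1 if present, else 0. */
int cpu_has_rdrand(void)
{
#if HAVE_RDRAND_ASM
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ecx & (1u << 30)) != 0;
#else
    return 0;
#endif
}

/* One RDRAND attempt. Stores a value and returns 1 only when CF=1. */
static int rdrand_step(uint64_t *out)
{
#if HAVE_RDRAND_ASM
    unsigned char ok;
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
#else
    (void)out;
    return 0;
#endif
}

/*
 * Fill buf with len bytes from RDRAND.
 * Returns 1 on success, 0 if the CPU lacks RDRAND, and -1 if the DRBG
 * failed RDRAND_RETRIES times in a row (a fault, not something to spin on).
 */
int rdrand_fill(uint8_t *buf, size_t len)
{
    if (!cpu_has_rdrand())
        return 0;
    while (len > 0) {
        uint64_t v = 0;
        int ok = 0;
        for (int tries = 0; tries < RDRAND_RETRIES && !ok; tries++)
            ok = rdrand_step(&v);
        if (!ok)
            return -1;
        size_t n = len < sizeof v ? len : sizeof v;
        memcpy(buf, &v, n);
        buf += n;
        len -= n;
    }
    return 1;
}

/*
 * XOR fresh material into an existing pool. XOR-ing an independent source
 * into a pool can never make the pool easier to predict than it already was,
 * which is why mixing a source in beats replacing the pool with it.
 * (The kernel uses a hash-based mixer; XOR is the minimal construction.)
 */
void xor_into_pool(uint8_t *pool, const uint8_t *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        pool[i] ^= src[i];
}

int main(void)
{
    uint8_t pool[32], fresh[32];
    memset(pool, 0x41, sizeof pool);   /* constructed "known" saved state */
    int rc = rdrand_fill(fresh, sizeof fresh);
    if (rc == 1)
        xor_into_pool(pool, fresh, sizeof pool);
    printf("rdrand_fill returned %d; pool: ", rc);
    for (size_t i = 0; i < sizeof pool; i++)
        printf("%02x", pool[i]);
    printf("\n");
    return rc < 0;
}
```

A return of -1 is the case most callers get wrong: the guide treats repeated CF=0 as a hardware problem to report, and a loop that simply keeps calling RDRAND, or one that never checks CF at all, will hand out whatever the destination register happened to contain.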
