On Tue, Jul 9, 2019 at 3:09 PM D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
| From: Christopher Browne via talk <talk@gtalug.org>
| This sure seems to point at rdrand being a scary feature to consider using.
I put the blame squarely on AMD. They've botched rdrand a couple of times. It's not really our job to wonder if instructions aren't implemented correctly. Imagine if FDIV didn't work? Whose problem would that be?
| I imagine that it would be better to access /dev/urandom or /dev/random,
| and have those facilities mix rdrand in somewhat, if possible.
In this case, not really. Read the comments in the code (not the commit):
<https://github.com/systemd/systemd/blob/master/src/basic/random-util.c>
rdrand is suspect for another reason. We have no way of knowing if rdrand has hidden structure. Such a compromise would amount to a backdoor into most crypto. But systemd folks say that their application of the output of rdrand doesn't need strong random numbers.
Using logic alone, not being at all knowledgeable re: this level of programming, I will state that that opinion is absolutely pathetic! Using poor tools gives a greater surface for hacker attacks and not trying to minimize that - - - - well I consider that a Microsoft trait but then I don't benefit from the billions spent upon computer security like Microsoft does so maybe I'm wrong!

Regards
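The two points made above, a plausibility check that catches a grossly broken hardware generator and the "mix it into the kernel pool" approach that survives a generator with hidden structure, as an added example that is not code from the thread or from systemd. The hardware source is a hypothetical function pointer standing in for an rdrand-style instruction (so the code runs on any machine), and both sources and the "pool" bytes are constructed values, not real entropy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a hardware RNG instruction such as rdrand.
 * Real code would use the CPU intrinsic; here the source is a plain
 * function so the check and the mixing logic run on any machine. */
typedef uint64_t (*hwrng_fn)(void);

/* Constructed faulty source: always returns all ones, the way a
 * stuck or broken generator would. */
static uint64_t stuck_source(void) { return UINT64_MAX; }

/* Constructed "healthy" source: a counter, only to show changing output.
 * Deliberately not random: the check below is a plausibility test,
 * not a randomness test. */
static uint64_t counter_source(void) {
    static uint64_t n = 0x9e3779b97f4a7c15ull;
    n += 0x9e3779b97f4a7c15ull;
    return n;
}

/* Plausibility check on a batch of words: flag a generator whose words
 * are all identical (covers all-zero and all-ones output). This catches
 * gross failures, not a generator with hidden structure. */
int hwrng_looks_stuck(const uint64_t *w, size_t n) {
    if (n == 0) return 1;
    for (size_t i = 0; i < n; i++)
        if (w[i] != w[0]) return 0;        /* at least two distinct values */
    return 1;                               /* every word identical */
}

/* Pull n words from the source and refuse the batch if it looks stuck.
 * Returns 0 on success, -1 if the batch is rejected. */
int collect_checked(hwrng_fn src, uint64_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = src();
    if (hwrng_looks_stuck(out, n)) {
        memset(out, 0, n * sizeof out[0]);  /* never hand back the bad batch */
        return -1;
    }
    return 0;
}

/* XOR the hardware words into bytes already drawn from the kernel pool.
 * If the pool bytes are uniform and independent of the hardware source,
 * the XOR is uniform no matter what the hardware source produced: a
 * stuck or backdoored source can neither help nor hurt. */
void mix_into_pool(uint8_t *buf, size_t len, hwrng_fn src) {
    size_t i = 0;
    while (i < len) {
        uint64_t w = src();
        for (int b = 0; b < 8 && i < len; b++, i++)
            buf[i] ^= (uint8_t)(w >> (8 * b));
    }
}

/* Scenario 1: a stuck source is rejected before its output is used,
 * while a source with varying output is accepted. */
int demo_stuck_source_rejected(void) {
    uint64_t w[8];
    int stuck = collect_checked(stuck_source, w, 8);
    int ok    = collect_checked(counter_source, w, 8);
    return stuck == -1 && ok == 0;
}

/* Scenario 2: mixing a stuck source into pool bytes leaves them as a
 * bijective transform of the pool (here every byte is inverted), so
 * the pool's entropy is preserved. */
int demo_xor_mixing_preserves_pool(void) {
    uint8_t pool[16];
    uint8_t mixed[16];
    for (int i = 0; i < 16; i++)
        pool[i] = (uint8_t)(i * 17);       /* constructed stand-in for /dev/urandom bytes */
    memcpy(mixed, pool, sizeof pool);
    mix_into_pool(mixed, sizeof mixed, stuck_source);
    for (int i = 0; i < 16; i++)
        if (mixed[i] != (uint8_t)~pool[i]) return 0;
    return 1;
}

int main(void) {
    printf("stuck source rejected:      %s\n", demo_stuck_source_rejected() ? "yes" : "no");
    printf("xor mixing preserves pool:  %s\n", demo_xor_mixing_preserves_pool() ? "yes" : "no");
    return 0;
}
```

The check only rejects a generator that has visibly failed; it says nothing about output with hidden structure, which no local test can detect. That is why the second half matters: when the hardware words are only XORed into bytes the kernel's pool already produced, the result is no worse than the pool on its own, and a consumer that needs strong random numbers should read the pool rather than the instruction directly.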