On 13 June 2014 06:27, Gunnar Wolf <gw...@gwolf.org> wrote:
>
> Excuse me if I'm blunt here, but I understand that, on the point of
> using entropy to seed a PRNG, if you have several shitty entropy
> sources and one _really_ good one, and you xor them all together, the
> resulting output is as random as the best of them. If your hardware
> entropy source is faulted and produces just an endless stream of
> '001001001001001001', xoring it with a valid Golomb sequence will give
> you something even more random than a Golomb sequence.
>
> Or am I misunderstanding my crypto?
>
The proof that XORing streams can't reduce the entropy relies on the sources being independent. I think the issue here is we don't know if RDRAND is independent or not.

That said, doing a SHA256 over the output should be sufficient (assuming the CPU doesn't see you're doing a hash and short circuits it).

Have a nice day,
--
Martijn van Oosterhout <klep...@gmail.com> http://svana.org/kleptog/
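The independence point raised above, as an added example that is not part of the thread: XOR preserves the entropy of the best input only when the inputs are independent; a source that is correlated with (here, a copy of) the good one cancels it to a constant, while feeding both through SHA-256 does not cancel anything. The "good" source is a constructed, seeded PRNG standing in for a real one, the faulty source is the 001001... pattern from the quoted message, and the dependent source is a constructed worst case (an exact copy); the crude byte-histogram entropy estimator is only an illustration, not a randomness test.

```python
"""Added example: XOR versus SHA-256 as a way to combine entropy sources.
All three sources below are constructed for the demonstration."""
import hashlib
import math
import random
from collections import Counter


def shannon_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (max 8.0).
    A crude estimator: it sees byte frequencies only, not correlations."""
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Combine two equal-length streams with XOR."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def sha256_mix(a: bytes, b: bytes, block: int = 32) -> bytes:
    """Combine two equal-length streams by hashing them block by block:
    each 32-byte output block is SHA-256(a_block || b_block)."""
    assert len(a) == len(b)
    out = bytearray()
    for i in range(0, len(a), block):
        out += hashlib.sha256(a[i:i + block] + b[i:i + block]).digest()
    return bytes(out)


N = 4096  # sample length in bytes

# Constructed "good" source: a seeded PRNG stands in for a real CSPRNG so
# that the example is reproducible.
good = random.Random(1234).randbytes(N)

# Constructed faulty hardware source: the bit pattern 001001001... repeats
# every 24 bits, i.e. the bytes 0x24 0x92 0x49 over and over.
faulty = (bytes([0x24, 0x92, 0x49]) * (N // 3 + 1))[:N]

# Constructed dependent source: NOT independent of the good one. A
# byte-for-byte copy is the worst case and makes the cancellation obvious.
dependent = good


def entropy_report() -> dict:
    """Entropy estimate (bits/byte) of each source and each combination."""
    return {
        "faulty alone": shannon_bits_per_byte(faulty),
        "good XOR faulty (independent)": shannon_bits_per_byte(xor_bytes(good, faulty)),
        "good XOR dependent": shannon_bits_per_byte(xor_bytes(good, dependent)),
        "SHA-256(good || dependent)": shannon_bits_per_byte(sha256_mix(good, dependent)),
    }


if __name__ == "__main__":
    for name, bits in entropy_report().items():
        print(f"{name:32s} {bits:5.2f} bits/byte")
```

XOR with the independent faulty stream keeps the good stream's entropy, but XOR with the dependent stream yields an all-zero buffer: the "as random as the best input" argument silently assumes independence. The hash-based mix cannot be cancelled by a correlated input, which is why the reply suggests SHA-256; it still does not create entropy, so if every input is predictable the hash output is too.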