On 2019-07-08, Greg Wooledge <wool...@eeg.ccf.org> wrote:

> > I don't have any opinions at this time about the trustworthiness of
> > various x86 CPU RDRAND instructions, but...
Well, looking at Ted Ts'o's short patch, where he mentions the security implications of the thing at some length, *twice*---once in the "intro" I quoted, and once again in the comments of the patch itself, where he says:

    Since this is not something that can be independently audited, this
    amounts to trusting that CPU manufacturer (perhaps with the insistence
    or mandate of a Nation State's intelligence or law enforcement agencies)
    has not installed a hidden back door to compromise the CPU's random
    number generation facilities.

and reading the following from Ts'o circa 2013:

    https://daniel-lange.com/documents/130905_Ted_Tso_on_RDRAND.pdf

    I am so glad I resisted pressure from Intel engineers to let /dev/random
    rely only on the RDRAND instruction. To quote from the article below:
    "By this year, the Sigint Enabling Project had found ways inside some of
    the encryption chips that scramble information for businesses and
    governments, either by working with chipmakers to insert back doors...."
    Relying solely on the hardware random number generator which is using an
    implementation sealed inside a chip which is impossible to audit is a
    BAD idea

    (quoted article "N.S.A. Foils Much Internet Encryption" from nytimes.com)

the opinion I form is that this is dishonest and wrong of Debian, *as things now stand and to my knowledge of the workaround and the Buster release-notes describing it*, to implement a default, exclusive reliance on the RNG of a closed-source, black-box CPU, without clearly spelling out the grave security concerns attached to this reliance. (I'd like to see a direct quote of Theodore Ts'o in the release-notes, who, after all, is the authority in this matter.)

> What on earth happened to simply saving entropy on disk across reboots?

This is the very "insecurity" (entropy saved across boot) which systemd strived to get rid of, as I understand it (thus the problem).
-- 
"These findings demonstrate that under appropriate conditions the isolated, intact large mammalian brain possesses an underappreciated capacity for restoration of microcirculation and molecular and cellular activity after a prolonged post-mortem interval." From a recent article in *Nature*. Holy shit.
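The design property behind Ts'o's "relying solely on the hardware RNG is a BAD idea" quoted above can be shown with a toy model. The following is an added example, not code from the post, from Debian, or from the Linux kernel: SHA-256 stands in for the kernel's pool mixing, the "vendor secret", the interrupt-timing bytes and the seed-file bytes are all constructed inputs, and the back door is modelled as a deterministic stream the vendor can regenerate. It contrasts seeding from the CPU RNG alone with hashing the CPU RNG in alongside other sources, and checks which of the two a vendor-side adversary can reproduce.

```python
# Added example: toy model of "mix the CPU RNG in, never rely on it alone".
# NOT the Linux kernel's implementation; SHA-256 stands in for the kernel's
# mixing function and all inputs below are constructed for the demonstration.
import hashlib


def backdoored_hw_rng(vendor_secret: bytes, nbytes: int) -> bytes:
    """Model of a CPU RNG (think RDRAND) whose stream the vendor can reproduce.

    Assumption for the model: the hidden back door is a deterministic stream
    keyed by a secret that only the vendor (or a mandating agency) holds.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(vendor_secret + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def seed_from_cpu_only(hw_output: bytes) -> bytes:
    """'Trust the CPU' design: the pool is seeded from the hardware RNG alone."""
    return hashlib.sha256(b"cpu-only|" + hw_output).digest()


def seed_from_mixed_pool(hw_output: bytes, other_sources: list) -> bytes:
    """Mixing design: every source is hashed in (length-prefixed so sources
    cannot run into each other); the result is unpredictable to anyone who
    lacks even one of the inputs."""
    h = hashlib.sha256()
    h.update(b"mixed|hw|" + hw_output)
    for src in other_sources:
        h.update(b"|src|" + len(src).to_bytes(4, "big") + src)
    return h.digest()


def vendor_prediction(vendor_secret: bytes, nbytes: int, design: str) -> bytes:
    """What an adversary holding the vendor secret can compute for each design.

    For the mixed design the adversary does not know the other sources, so the
    best it can do is assume they contributed nothing (an empty list)."""
    hw = backdoored_hw_rng(vendor_secret, nbytes)
    if design == "cpu-only":
        return seed_from_cpu_only(hw)
    if design == "mixed":
        return seed_from_mixed_pool(hw, [])
    raise ValueError(design)


def demo(vendor_secret: bytes = b"constructed vendor secret", nbytes: int = 64) -> dict:
    """Run both designs on the same hardware stream and report whether the
    vendor-side adversary reproduces the resulting seed."""
    hw = backdoored_hw_rng(vendor_secret, nbytes)
    # Constructed stand-ins for interrupt timings and a seed file restored at
    # boot: low-grade, but unknown to the CPU vendor.
    other = [b"irq-timings:1234,1299,1301,1450", b"seed-file:" + bytes(range(32))]
    cpu_only = seed_from_cpu_only(hw)
    mixed = seed_from_mixed_pool(hw, other)
    return {
        "cpu_only_predicted": cpu_only == vendor_prediction(vendor_secret, nbytes, "cpu-only"),
        "mixed_predicted": mixed == vendor_prediction(vendor_secret, nbytes, "mixed"),
        "cpu_only_seed": cpu_only.hex(),
        "mixed_seed": mixed.hex(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it reports `cpu_only_predicted: True` and `mixed_predicted: False`: with exclusive reliance the vendor's knowledge of the hardware stream is knowledge of the seed, whereas with mixing the vendor additionally needs every other input. The model says nothing about the quality of those other inputs; it only shows why a black-box source should be one contributor among several rather than the sole one.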