[openssl-dev] Work on a new RNG for OpenSSL

Paul Dale paul.dale at oracle.com
Tue Aug 22 00:06:05 UTC 2017


Uri wrote:
>>    It might also use things like RDRAND / RDSEED which we don't trust.
> ...
>  From a cryptography point of view, it cannot hurt, but may help a lot

There is a scenario where it does hurt: https://www.lvh.io/posts/2013/10/thoughts-on-rdrand-in-linux.html

This attack wouldn't be difficult to implement given all the out-of-order execution and lookahead that CPUs do.  It requires a compromised RDRAND instruction changing the behaviour of a subsequent XOR into a copy.  Not only would it not be producing random bits but it would remove any randomness from the bits you already have.


Pauli
-- 
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia
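The point Pauli makes above is about the combiner, not just the source: if hardware output is folded into an existing pool with a bare XOR, a source that can arrange the XOR's result also erases the randomness the pool already held. The following is an added example, not code from the thread or from OpenSSL. It stands in for the compromised-CPU scenario in the linked post with a constructed misbehaving source (`cancelling_source`, hypothetical) that is assumed to see the current pool; it cannot model a CPU that rewrites the XOR instruction itself, which no userspace code can defend against. What it does show is the design property the thread is arguing about: with `xor_mix` the pool's contribution disappears entirely, while with a hash-based combiner (`hash_mix`, using SHA-256 with length-prefixed domain separation, my choice for the example) the output still depends on every bit of the pool even when the hardware source is adversarial.

```python
"""Added example (not from the openssl-dev thread): comparing a bare-XOR entropy
combiner with a hash-based one when the hardware source misbehaves."""
import hashlib
import secrets

POOL_BYTES = 32


def xor_mix(pool: bytes, hw: bytes) -> bytes:
    """Bare XOR combiner: the 'pool ^= hw_output' pattern discussed in the thread."""
    if len(pool) != len(hw):
        raise ValueError("inputs must have equal length")
    return bytes(p ^ h for p, h in zip(pool, hw))


def hash_mix(pool: bytes, hw: bytes) -> bytes:
    """Hash combiner: each input is length-prefixed and tagged so the two sources
    cannot be confused, and every output bit depends on every input bit."""
    h = hashlib.sha256()
    for tag, data in ((b"pool:", pool), (b"hw:", hw)):
        h.update(tag)
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.digest()


def cancelling_source(pool: bytes, target: bytes) -> bytes:
    """Constructed (hypothetical) misbehaving source for the demonstration: it is
    assumed to observe the current pool and returns the value that makes
    pool XOR value == target, so a bare XOR combiner outputs 'target'."""
    if len(pool) != len(target):
        raise ValueError("inputs must have equal length")
    return bytes(p ^ t for p, t in zip(pool, target))


def pool_still_matters(mixer, pool_a: bytes, pool_b: bytes, target: bytes) -> bool:
    """True if two different pools, each combined with the cancelling source,
    still give different outputs, i.e. the pool's randomness survives mixing."""
    out_a = mixer(pool_a, cancelling_source(pool_a, target))
    out_b = mixer(pool_b, cancelling_source(pool_b, target))
    return out_a != out_b


def honest_source(n: int = POOL_BYTES) -> bytes:
    """Stand-in for a well-behaved hardware source."""
    return secrets.token_bytes(n)


if __name__ == "__main__":
    pool_a = secrets.token_bytes(POOL_BYTES)
    pool_b = secrets.token_bytes(POOL_BYTES)
    target = bytes(POOL_BYTES)  # the value the misbehaving source wants to force

    # With an honest source both combiners are fine; the difference only shows
    # up when the source is adversarial.
    print("xor output with honest source :", xor_mix(pool_a, honest_source()).hex())
    print("xor keeps pool entropy        :", pool_still_matters(xor_mix, pool_a, pool_b, target))
    print("hash keeps pool entropy       :", pool_still_matters(hash_mix, pool_a, pool_b, target))
```

Running it prints `False` for the XOR combiner (both pools collapse to the same all-zero output, so whatever randomness they held is gone) and `True` for the hash combiner. This is why DRBG designs feed additional-input sources through the hash or block-cipher derivation function rather than XORing a hardware word in as the final step.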

