
Re: use of RDRAND in $random_library



On 6/11/14, Joey Hess <joeyh@debian.org> wrote:
> I stumbled over a library which has switched to using RDRAND in a new
> upstream version (not yet packaged), instead of /dev/urandom[1].

Which library is using it?

>
> I don't have a strong opinion on the security of RDRAND, which is a
> contentious topic in a domain I am not expert in. However, I would much
> rather rely on linux developers to make the right decision on that,
> rather than libraries deciding on an ad-hoc basis. Especially because
> the kernel has a wider spectrum of choices than use/avoid (IIRC it
> currently mixes in RDRAND with other entropy sources.)
>

I tend to agree for a few reasons. Generally, I don't trust RDRAND and
the doping paper doesn't help:

  http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/

> Perhaps we should avoid libraries in Debian using RDRAND directly,
> if the library has uses related to security. (Maybe some game or
> simulation library would have a good reason to use it.)
>

Quite a few programs and libraries will have this issue if a cursory
search of the internet is an indication.

> Would it make sense to scan for the opcode?

Yes, very much so. It is potentially a security bug. It will be
interesting to track it.

All the best,
Jacob
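One way to do the opcode scan the reply endorses, as an added example written for this page and not code from the thread or from Debian: it walks raw x86 machine code for the RDRAND/RDSEED encodings (the function names and the sample bytes are constructed for illustration).

```python
"""Audit helper: find RDRAND / RDSEED encodings in raw x86 machine code.
Per the Intel SDM, RDRAND is 0F C7 /6 and RDSEED is 0F C7 /7; both take a
register operand only (ModRM mod=11), so ModRM is F0-F7 / F8-FF. Optional
prefixes: 66 (16-bit operand), REX 40-4F (REX.W = 64-bit, REX.B = r8-r15)."""
from typing import List, Tuple

REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
SUFFIX = {16: "w", 32: "d", 64: ""}  # naming for r8-r15

def _reg_name(num: int, width: int) -> str:
    if num < 8:
        return {16: REG16, 32: REG32, 64: REG64}[width][num]
    return f"r{num}{SUFFIX[width]}"

def scan_rdrand(code: bytes) -> List[Tuple[int, str, str]]:
    """Return (offset, mnemonic, register) for each candidate hit; offset is
    that of the first prefix byte. A linear byte scan cannot see instruction
    boundaries, so confirm hits with a disassembler (objdump -d)."""
    hits = []
    i, n = 0, len(code)
    while i + 2 < n:
        if code[i] == 0x0F and code[i + 1] == 0xC7 and code[i + 2] >= 0xF0:
            modrm = code[i + 2]
            mnemonic = "rdrand" if modrm < 0xF8 else "rdseed"
            start, rex = i, 0
            if start > 0 and 0x40 <= code[start - 1] <= 0x4F:  # REX prefix
                rex = code[start - 1]
                start -= 1
            opsize16 = start > 0 and code[start - 1] == 0x66   # 16-bit operand
            if opsize16:
                start -= 1
            width = 64 if rex & 0x08 else (16 if opsize16 else 32)
            regnum = (modrm & 0x07) | (8 if rex & 0x01 else 0)
            hits.append((start, mnemonic, _reg_name(regnum, width)))
            i += 3
        else:
            i += 1
    return hits

# Constructed sample (not bytes from any real binary): five hits, and one
# cmpxchg8b [rax] (0F C7 08, same opcode with /1) that must not match.
SAMPLE = bytes.fromhex(
    "0FC7F0" "480FC7F0" "410FC7F0" "0FC7F9" "0FC708" "660FC7F3"
)

if __name__ == "__main__":
    for off, mnem, reg in scan_rdrand(SAMPLE):
        print(f"{off:#06x}: {mnem} {reg}")  # e.g. 0x0000: rdrand eax
```

Run it over the `.text` section extracted from a shared object (e.g. with `objcopy -O binary --only-section=.text`) rather than the whole file, to keep data-section false positives down.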

