Re: use of RDRAND in $random_library
On 6/11/14, Joey Hess <email@example.com> wrote:
> I stumbled over a library which has switched to using RDRAND in a new
> upsteam version (not yet packaged), instead of /dev/urandom.
Which library is using it?
> I don't have a stong opinion on the security of RDRAND, which is a
> contentious topic in a domain I am not expert in. However, I would much
> rather rely on linux developers to make the right decision on that,
> rather than libraries deciding on an ad-hoc basis. Especially because
> the kernel has a wider spectrum of choices than use/avoid (IIRC it
> currently mixes in RDRAND with other entropy sources.)
I tend to agree for a few reasons. Genreally, I don't trust RDRAND and
the doping paper doesn't help:
> Perhaps we should avoid libraries in Debian using RDRAND directly,
> if the library has uses related to security. (Maybe some game or
> simulation library would have a good reason to use it.)
Quite a few programs and libraries will have this issue if a cursory
search of the internet is an indication.
> Would it make sense to scan for the opcode?
Yes, very much so. It is potentially a security bug. It will be
interesting to track it.
All the best,