
Re: use of RDRAND in $random_library

Russ Allbery said [Thu, Jun 12, 2014 at 07:08:40PM -0700]:
> > If you don't trust a hardware random number generator, you should not
> > xor it and another random number source together; after all, if you
> > believe the numbers coming out of the hardware random source are not
> > actually random, you might just as easily believe that they're the
> > precise non-random values needed to xor with another CPU register to
> > produce non-random values.
> I would certainly hope that the mixing algorithm of any decent random
> number source is better than just xor.  And given that, I don't believe
> the mathematics supports your assertion here.  It's considerably harder to
> backdoor a random number generator to cause a higher-level mixing random
> number generator that combines multiple sources of entropy to produce
> predictable random numbers than it is to cause it to spit out predictable
> random numbers directly.

Excuse me if I'm blunt here, but I understand that, on the point of
using entropy to seed a PRNG, if you have several shitty entropy
sources and one _really_ good one, and you xor them all together, the
resulting output is as random as the best of them. If your hardware
entropy source is faulty and produces just an endless stream of
'001001001001001001', xoring it with a valid Golomb sequence will give
you something even more random than a Golomb sequence.

Or am I misunderstanding my crypto?
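An added worked example, not part of this thread or of any library discussed in it, that runs both scenarios the two messages describe: a faulty source emitting the '001001001...' pattern xored with an independent good source, and a backdoored source that can see the other register and cancels it. The "good" source is a SHA-256 counter-mode stand-in chosen so the example is reproducible offline (a real system would read the kernel CSPRNG), the adversarial source is hypothetical, and the entropy estimate is only a crude sanity check on a sample, not a proof of unpredictability.

```python
import hashlib
import math
from collections import Counter

# Everything below is constructed for this example; none of it is a real RNG.
SEED = b"constructed-seed-for-the-stand-in-good-source"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise xor of two equal-length strings (the 'xor them together' step)."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def patterned_source(n: int) -> bytes:
    """The faulty hardware source from the post: an endless '001001001...' bit
    stream. 24 bits of it pack to the bytes 0x24 0x92 0x49, so repeat those."""
    return (b"\x24\x92\x49" * (n // 3 + 1))[:n]


def good_source(n: int) -> bytes:
    """Deterministic stand-in for a good, independent source: SHA-256 in counter
    mode over a fixed seed (assumption for reproducibility; not a CSPRNG)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(SEED + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def adversarial_source(n: int, other: bytes) -> bytes:
    """Hypothetical backdoored source that observes the other xor input and
    emits 0xAA ^ other, so the combined output is the constant 0xAA. This is
    the 'precise non-random values' case from the quoted message."""
    return xor_bytes(bytes([0xAA]) * n, other)


def bits_per_byte(data: bytes) -> float:
    """Shannon entropy estimate of the byte histogram, in bits per byte
    (8.0 is the maximum). A sanity check on a sample, not a security proof."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def compare_mixing(n: int = 65536) -> dict:
    """Entropy estimates for each source and for the two xor combinations."""
    good = good_source(n)
    faulty = patterned_source(n)
    evil = adversarial_source(n, good)
    return {
        "good": bits_per_byte(good),
        "faulty": bits_per_byte(faulty),
        "good_xor_faulty": bits_per_byte(xor_bytes(good, faulty)),
        "good_xor_adversarial": bits_per_byte(xor_bytes(good, evil)),
    }


if __name__ == "__main__":
    for name, value in compare_mixing().items():
        print(f"{name:22s} {value:.3f} bits/byte")
```

With an independent faulty source the xor output keeps the good source's full byte entropy (about 8.0 bits/byte on a 64 KiB sample, against about 1.6 for the pattern alone), which is the point the reply makes. The adversarial case shows the condition that point rests on: if one input can depend on the other, the xor output collapses to a constant, which is why real implementations feed sources through a mixing function rather than a bare xor.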
