
Re: use of RDRAND in $random_library

On 13 June 2014 06:27, Gunnar Wolf <gwolf@gwolf.org> wrote:

> Excuse me if I'm blunt here, but I understand that, on the point of
> using entropy to seed a PRNG, if you have several shitty entropy
> sources and one _really_ good one, and you xor them all together, the
> resulting output is as random as the best of them. If your hardware
> entropy source is faulted and produces just an endless stream of
> '001001001001001001', xoring it with a valid Golomb sequence will give
> you something even more random than a Golomb sequence.
>
> Or am I misunderstanding my crypto?

The proof that XORing streams can't reduce the entropy relies on the sources being independent. I think the issue here is we don't know if RDRAND is independent or not. That said, doing a SHA256 over the output should be sufficient (assuming the CPU doesn't see you're doing a hash and short circuits it).

Have a nice day,
Martijn van Oosterhout <kleptog@gmail.com> http://svana.org/kleptog/
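An added illustration of the point made in the reply above (not code from the thread or from any library it mentions): XOR mixing keeps the best source's entropy when the sources are independent, collapses when the second source depends on the first, and hashing the two together instead does not collapse. All streams are constructed: a seeded PRNG stands in for the good source, the '001001001...' pattern for the faulted hardware source, and a copy of the good stream for a worst-case dependent source.

```python
import hashlib
import math
import random
from collections import Counter

N = 1 << 16  # bytes per constructed stream


def good_source(seed: int = 1234) -> bytes:
    """Constructed stand-in for a 'really good' source; seeded so runs repeat."""
    return random.Random(seed).randbytes(N)


def faulted_source() -> bytes:
    """Constructed faulted hardware source: the endless '001001001...' stream."""
    bits = ("001" * (N * 8 // 3 + 1))[: N * 8]
    return int(bits, 2).to_bytes(N, "big")


def xor_mix(a: bytes, b: bytes) -> bytes:
    """XOR combiner: keeps the best source's entropy only if a and b are independent."""
    return bytes(x ^ y for x, y in zip(a, b))


def hash_mix(a: bytes, b: bytes, chunk: int = 32) -> bytes:
    """SHA-256 combiner: hash each pair of chunks, so a dependent b cannot cancel a."""
    out = bytearray()
    for i in range(0, len(a), chunk):
        out += hashlib.sha256(a[i:i + chunk] + b[i:i + chunk]).digest()
    return bytes(out)


def shannon_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram (8.0 = uniform); crude but telling."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def demo() -> dict:
    """Entropy estimates per combiner; 'dependent' cases use a copy of the good stream as b."""
    good, bad = good_source(), faulted_source()
    return {
        "good": shannon_bits_per_byte(good),
        "faulted": shannon_bits_per_byte(bad),
        "xor_independent": shannon_bits_per_byte(xor_mix(good, bad)),
        "xor_dependent": shannon_bits_per_byte(xor_mix(good, good)),  # collapses to all zeros
        "hash_dependent": shannon_bits_per_byte(hash_mix(good, good)),
    }


if __name__ == "__main__":
    print(demo())
```

The byte-histogram estimate is only a sanity check (it cannot tell a seeded PRNG from true entropy), and hashing adds no entropy of its own; it just prevents a correlated source from cancelling a good one.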
