
Re: fix for no ssh



Hello,

On Mon, Jul 08, 2019 at 04:18:28PM -0000, Curt wrote:
> Well, looking at Ted Ts'o's short patch, where he mentions the security
> implications of the thing at some length, *twice*

I think that some of Ted's stance might not be because Ted thinks it
is dangerous but because there has been in the past very vocal
opposition to any use of RDRAND, given that it is part of the
unauditable innards of the CPU.

> and reading the following from Ts'o circa 2013:
> 
> https://daniel-lange.com/documents/130905_Ted_Tso_on_RDRAND.pdf
> 
>  I am so glad I resisted pressure from Intel engineers to let /dev/random
>  rely only on the RDRAND instruction.

Note that relying *only* on RDRAND and using RDRAND as *one* of the
entropy sources are different situations.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
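
The distinction drawn in the message above, as an added example that is not part of the original post and is not the kernel's code: a simplified model that compares a seed built from the CPU source alone with a seed that hashes the CPU source together with a second input. The function names, the SHA-256 mixing step and the sample values are assumptions made for illustration, and the model treats the CPU source's output as fully known to an observer.

```python
import hashlib
from typing import Optional


def mix(*sources: bytes) -> bytes:
    """Hash length-prefixed inputs together into one 32-byte seed."""
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big") + s)
    return h.digest()


def build_seed(cpu: bytes, other: Optional[bytes] = None) -> bytes:
    """Seed from the CPU source alone, or from the CPU source plus another."""
    return mix(cpu) if other is None else mix(cpu, other)


def work_to_recover(seed: bytes, known_cpu: bytes, other_bits: int) -> Optional[int]:
    """Guesses needed by an observer who already knows the CPU source's output.

    other_bits is how much of the second input the observer does not know
    (0 means the seed relied on the CPU source only). Returns None when the
    seed is not found inside that search space.
    """
    if other_bits == 0:
        return 1 if build_seed(known_cpu) == seed else None
    width = (other_bits + 7) // 8
    for guess in range(2 ** other_bits):
        if build_seed(known_cpu, guess.to_bytes(width, "big")) == seed:
            return guess + 1
    return None


if __name__ == "__main__":
    cpu = bytes(8)                      # constructed: CPU output fully known
    jitter = (1234).to_bytes(2, "big")  # constructed second source, 12 bits
    print("CPU only:", work_to_recover(build_seed(cpu), cpu, 0))
    print("CPU + 12 unknown bits:",
          work_to_recover(build_seed(cpu, jitter), cpu, 12))
```

In this model the work to recover a mixed seed is set by the unknown bits in the other input, so the CPU source adds to the mix without being the only thing the seed depends on.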

