[GTALUG] Ryzen 3000 CPUs vs Linux
D. Hugh Redelmeier
hugh at mimosa.com
Tue Jul 9 16:09:15 EDT 2019
| From: Christopher Browne via talk <talk at gtalug.org>
| This sure seems to point at rdrand being a scary feature to consider using.
I put the blame squarely on AMD. They've botched rdrand a couple of
times. It's not really our job to wonder if instructions aren't
implemented correctly. Imagine if FDIV didn't work? Whose problem would
that be?
| I imagine that it would be better to access /dev/urandom or /dev/random,
| and have those facilities mix rdrand in somewhat, if possible.
In this case, not really. Read the comments in the code (not the commit):
<https://github.com/systemd/systemd/blob/master/src/basic/random-util.c>
rdrand is suspect for another reason. We have no way of knowing if
rdrand has hidden structure. Such a compromise would amount to a
backdoor into most crypto. But systemd folks say that their
application of the output of rdrand doesn't need strong random numbers.
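The message above raises three separate concerns about rdrand: the instruction can fail outright (AMD "botching" it), a successful-looking result can still be garbage, and even a correctly working rdrand might carry hidden structure. The following C program is an added example, not code from this thread or from systemd, showing how a program can use rdrand defensively on all three counts: retry when the carry flag reports failure, reject words that look like a stuck generator (the Ryzen 3000 case this thread is about returned all-ones while still signalling success), and XOR the result with a word from /dev/urandom so that a backdoored or broken rdrand can never make the output worse than the kernel's own. The function names, the ten-retry limit and the choice of /dev/urandom as the second source are this example's own; on a non-x86 build the rdrand path is compiled out and only the kernel source is used.

```c
/* Defensive RDRAND use: retry on CF=0, reject stuck words, never trust it alone.
 * Added example; not code from the thread or from systemd. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One RDRAND attempt. Returns 1 if the CPU reported success (CF set).
 * On non-x86 builds, or on a CPU without the feature, report failure. */
static int rdrand64_once(uint64_t *out)
{
#if defined(__x86_64__) && defined(__GNUC__)
    unsigned char ok;
    if (!__builtin_cpu_supports("rdrnd"))
        return 0;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
#else
    (void)out;
    return 0;
#endif
}

/* CF=0 means "no entropy available right now"; retry a bounded number of times
 * (ten, following the usual vendor guidance) rather than spinning forever. */
static int rdrand64_retry(uint64_t *out)
{
    for (int i = 0; i < 10; i++)
        if (rdrand64_once(out))
            return 1;
    return 0;
}

/* CF=1 does not prove the word is random: a stuck generator reports success
 * and hands back the same word every time. All-ones is what the Ryzen 3000
 * bug produced; all-zero is the other obvious failure value. */
int rdrand_word_plausible(uint64_t v)
{
    return v != 0 && v != UINT64_MAX;
}

/* Stronger check over a sample of words: two or more identical 64-bit words
 * from a real generator is astronomically unlikely, so treat it as stuck. */
int rdrand_sample_stuck(const uint64_t *w, size_t n)
{
    if (n < 2)
        return 0; /* not enough data to call it stuck */
    for (size_t i = 1; i < n; i++)
        if (w[i] != w[0])
            return 0;
    return 1;
}

/* XOR with an independent source: if rdrand has hidden structure, or is
 * outright broken, the result is still uniform as long as the kernel's
 * word is uniform and independent of it. */
uint64_t mix_random_words(uint64_t rdrand_word, uint64_t kernel_word)
{
    return rdrand_word ^ kernel_word;
}

/* Read one 64-bit word from /dev/urandom. Returns 1 on success. */
static int urandom64(uint64_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return 0;
    size_t got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1;
}

/* Produce a word that is never worse than /dev/urandom alone.
 * Returns 0 on failure, 1 if only the kernel contributed, 2 if RDRAND was mixed in. */
int get_mixed_random64(uint64_t *out)
{
    uint64_t k, r;
    if (!urandom64(&k))
        return 0;
    if (rdrand64_retry(&r) && rdrand_word_plausible(r)) {
        *out = mix_random_words(r, k);
        return 2;
    }
    *out = k;
    return 1;
}

int main(void)
{
    /* Constructed sample: what a stuck generator returning all-ones looks like. */
    const uint64_t stuck[4] = {UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX};
    printf("stuck sample detected: %d\n", rdrand_sample_stuck(stuck, 4));

    uint64_t v;
    int src = get_mixed_random64(&v);
    printf("source=%d value=0x%016llx\n", src, (unsigned long long)v);
    return src ? 0 : 1;
}
```

The mixing step is the part that matters for the "hidden structure" worry: XOR with an independent uniform word is a one-time pad on the rdrand output, so an attacker who controls rdrand entirely learns nothing about the result and cannot bias it. The plausibility and stuck-sample checks are only heuristics for the broken-hardware case; they catch a generator that has wedged on a constant, not one that is subtly weak.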