[GTALUG] Ryzen 3000 CPUs vs Linux
o1bigtenor
o1bigtenor at gmail.com
Wed Jul 10 07:52:01 EDT 2019
On Tue, Jul 9, 2019 at 3:09 PM D. Hugh Redelmeier via talk
<talk at gtalug.org> wrote:
>
> | From: Christopher Browne via talk <talk at gtalug.org>
>
> | This sure seems to point at rdrand being a scary feature to consider using.
>
> I put the blame squarely on AMD. They've botched rdrand a couple of
> times. It's not really our job to wonder if instructions aren't
> implemented correctly. Imagine if FDIV didn't work? Whose problem would
> that be?
>
> | I imagine that it would be better to access /dev/urandom or /dev/random,
> | and have those facilities mix rdrand in somewhat, if possible.
>
> In this case, not really. Read the comments in the code (not the commit):
>
> <https://github.com/systemd/systemd/blob/master/src/basic/random-util.c>
>
> rdrand is suspect for another reason. We have no way knowing if
> rdrand has hidden structure. Such a compromise would amount to a
> backdoor into most crypto. But systemd folks say that their
> application of the output of rdrand doesn't need strong random numbers.
Using logic alone, not being at all knowledgeable re: this level of
programming,
I will state that that opinion is absolutely pathetic! Using poor
tools gives a greater
surface for hacker attacks and not trying to minimize that - - - -
well I consider that
a Microsoft trait but then I don't benefit from the billions spent
upon computer
security like Microsoft does so maybe I'm wrong!
Regards
More information about the talk
mailing list