Linux RdRand


The FreeBSD project making headlines again:

According to their September 2013 DevSummit Security Report, FreeBSD will not rely solely on internal hardware random number generators manufactured by Intel and VIA. Instead, their entropy will be fed into Yarrow, their existing software generator.

Around the same time, debate was also raging within the Linux community. A petition site was developed urging the removal of support for these random number generators. The Register reported on Linus Torvalds' usual diplomatic response:

Torvalds argued in his mild outburst [as he’s wont to do] that the values from RdRand are combined with other sources of randomness, which would thwart any attempts to game the processor’s output – but it’s claimed that mix is trivial (involving just an exclusive OR) and can be circumvented by g-men

As I’ve said here many times, ideally you want a pool of high entropy sourced from disparate places. RdRand may have been compromised, but it could still be used alongside other sources. If this allegation of weak mixing with a bare XOR were true, though, that did represent a potential issue.
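To make the mixing point concrete, here is an added toy model (my own illustration, not code from the original post, Linux, or FreeBSD). It compares combining a hardware source into a pool with a bare XOR against hashing the two inputs together, which is a simplified stand-in for how a Yarrow-style software generator absorbs its inputs (an assumption, not a description of the real Yarrow internals). The pool bytes, the target value, and the function names are all constructed for the example.

```python
import hashlib

# Constructed example: a 32-byte "pool" standing in for entropy gathered
# from non-hardware sources (interrupt timings, disk activity, and so on).
POOL = bytes(range(32))


def xor_mix(pool: bytes, hw: bytes) -> bytes:
    """The trivial mix the quoted article objects to: pool XOR hardware output."""
    if len(pool) != len(hw):
        raise ValueError("inputs must be the same length")
    return bytes(p ^ h for p, h in zip(pool, hw))


def hash_mix(pool: bytes, hw: bytes) -> bytes:
    """Simplified Yarrow-style mix (assumed): hash both inputs together, so no
    single contributor can pick the output by choosing its own bytes."""
    return hashlib.sha256(pool + hw).digest()


def xor_cancelling_input(observed_pool: bytes, target: bytes) -> bytes:
    """Threat model: a hardware source that can see the pool state. Returns the
    bytes that make xor_mix land on `target`, showing that with a bare XOR the
    other sources contribute nothing once one input is chosen adversarially."""
    return bytes(p ^ t for p, t in zip(observed_pool, target))


def compare_mixers(pool: bytes, target: bytes) -> dict:
    """Feed the same adversarial hardware output to both mixers and report
    whether each one let that single source decide the result."""
    hw = xor_cancelling_input(pool, target)
    return {
        "xor_hit_target": xor_mix(pool, hw) == target,
        "hash_hit_target": hash_mix(pool, hw) == target,
        # With the hash mix the honest sources still matter: a different pool
        # gives a different output for the same hardware bytes.
        "hash_depends_on_pool": hash_mix(pool, hw) != hash_mix(bytes(32), hw),
    }


if __name__ == "__main__":
    print(compare_mixers(POOL, bytes(32)))
```

The point of the model is the design principle, not the specific numbers: a mixer should be one where no single input, even an adversarially chosen one, fixes the output on its own. Hashing buys that property only to the extent that the other sources actually carry entropy, which is why disparate sources and a proper mixing function go together rather than substituting for one another.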

Author bio and support


Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person in bios. Hi!

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite bespoke cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or send a comment. Thanks ☺️.