|
|
|
|
|
|
by Dosenpfand
4662 days ago
|
|
|
You can't audit RdRand because it's hardware, not software code: >It is impossible for software to tell whether this instruction is actually returning random numbers or whether it has been deliberately subverted, either by Intel, by a malware microcode patch, or by a virtual machine operating system. One of the standards it relies on, NIST SP800-90, was led by an NSA employee and contained subverted randomness standards. https://en.wikipedia.org/wiki/RdRand But since RdRand isn't the only source of randomness, it doesn't matter if it's backdoored, or so Linus claims. |
|
|