by dlitz
4659 days ago
> why would you choose to trust all instructions but rdrand

Presumably, there are limits to the amount of silicon that Intel/NSA can devote to backdooring everyone. Since other instructions are supposed to behave deterministically, it could be expensive to backdoor them in a way that would not easily be discovered. On the other hand, RDRAND could be a straightforward Dual_EC_DRBG implementation, which would be a very cheap and effective backdoor that would also have the nice benefit of keeping people's communications secure against everyone except the NSA. Of course, there's also the possibility that there's no backdoor, but that the implementation is still buggy. There's no reason why our trust in the hardware has to be all or nothing.