Reply to post: Re: People trust that?

Linux 4.19 lets you declare your trust in AMD, IBM and Intel

JohnFen

Re: People trust that?

"Because if you can't trust the CPU's RNG, you can't trust ANY RNG."

I don't follow that logic. Can you explain?

"The main reason you want a hardware RNG is because you need a high-throughput TRNG, such as running a key-generating server."

Absolutely. I wasn't arguing against hardware RNGs. I was talking about the RNGs that are included in some CPUs.

"How does one propose to secure the bootstrap procedure without access to any other RNG?"

There are a few ways to do this, depending on the CPU in question, but that's a discussion that can't be effectively had in a comment section. But I wasn't addressing securing the bootstrap procedure, I was really talking about using it for crypto in the more general case. If you're stuck with the CPU RNG for boot-time, then that's what you use. But that doesn't mean you should keep using it for crypto after the boot process completes.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021