Re: Round and round we go
Whilst technically possible it's not an attack vector you need to worry about. If someone wants to target you that seriously we know from the Snowden disclosures there are easier ways to steal everything you type and everything sent to your screen.
I agree that most people don't need to worry about it...however, some people do, and those that are not targetted can be caught in the crossfire*. As it is a dopant level Trojan, there is nothing to stop this (or something very much like it) having been rolled out across all cpus of a particular type, and it is possible that it could have been done without the manufacturer's explicit knowledge (serve an NSL on a few key technicians). Much like Intel's Management Engine or AMD's 'Secure Processor' (formerly known as PSP) is present in pretty much all commercially available x86 cpu you can buy, it may not be possible to avoid a Trojanned RNG. Unless you find a statistical test that demonstrates the RNG has been Trojanned, it passes standard statistical tests, too.
Until the Dual-EC-DRBG malarky, most people would think such a thing was pure 'tinfoil hat' territory.
Most people and companies are not specific targets of interest to the security and intelligence services, and as you say, don't need to worry about this. Some entirely legitimate commercial organisations do have to worry about such things - for example, if your activities are covered by the Wassenaar arrangement, you do.
It's certainly not a bad idea to run as many statistical test suites as possible, but they never prove that the output is truly random, whereas a failure demonstrates the output is definitely not random.
*Not least, if a malicious entity gains the knowledge of the vulnerability and uses the knowledge to exfiltrate and/or change data for monetary gain.
Further reading:
MERS: Statistical Test Generation for Side-Channel Analysis based Trojan Detection
Biting the hand that feeds IT
