Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> If RDRAND is surreptitiously replacing all your random numbers with AES of the current time, you cannot find that out from observing behavior.

Should you not see it from timing alone being wrong?



Had the same thought. But then on the other hand, when nobody is looking at the timing, nobody will see anything. And those who do see a timing artifact, will they really dig deeper or will they just shrug off another oddity? I would not like to bet on another Clifford Stoll in this day and age.


RDRAND is very slow and you can fix up the timing with a slowdown loop in the microcode.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: