• @argv_minus_one@beehaw.org
    link
    fedilink
    English
    151 year ago

    “Maybe use it for the boot-time ‘gather entropy from different sources,’ but clearly it should not be used at runtime.”

    Good idea. Ask it during boot/insmod for some hardware-random bits to seed Linux’s usual software-only CSPRNG, then just use that.

    And even that might not be a great idea. I wouldn’t be surprised if the fTPM RNG is subtly not-entirely-random, at some alphabet agency’s behest. I remember there being a controversy over rdrand for this reason…

    • @pingveno@lemmy.ml
      link
      fedilink
      English
      41 year ago

      The fix with any possible issues with rdrand is the same here. When entropy is gathered from many sources including hardware instructions, any nefarious plant in the chip is drowned out in a sea of noise.

    • @MystikIncarnate@lemmy.ca
      link
      fedilink
      English
      11 year ago

      Well, it’s an fTPM, aka software, and AFAIK, no software can truly have a random RNG.

      So it might be very good pseudo random at best.

      • @argv_minus_one@beehaw.org
        link
        fedilink
        English
        11 year ago

        It could be only mostly firmware, with a hardware RNG.

        If not, and it uses a CSPRNG, then I don’t see much point in using it at all. Linux already has its own CSPRNG.