Pitchforks for RDSEED
Posted Feb 9, 2024 13:28 UTC (Fri) by zx2c4 (subscriber, #82519)
In reply to: Pitchforks for RDSEED by spacefrogg
Parent article: Pitchforks for RDSEED
These are unprivileged CPU instructions. This isn't a kernel scheduler issue.
Posted Feb 9, 2024 14:31 UTC (Fri) by spacefrogg (subscriber, #119608)
Daniel J. Bernstein has an excellent write-up about how you could potentially misuse an entropy source to force your encryption scheme to leak your private key alongside your ciphertext while making it look perfectly fine. I just fail to find it right now. (It was concentrating on why encryption schemes should not mindlessly access entropy.)
The argument is quite simple: You do know how the encryption scheme distributes bits. If you control the entropy bits and the encryption scheme, you can hide the private key in the entropy bits and make the ciphertext partially predictable, enough to recover the private key and thus the original message.
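The defensive counterpart to the argument above is "hedging": never copy entropy bits straight into anything that travels with the ciphertext, but mix them with the secret key and the message through a keyed hash, so that the entropy source can add randomness but cannot decide the output. The following Python example is added here; it is not code from the thread, from Bernstein's write-up, or from the kernel. It assumes an HMAC-SHA256 hedged nonce construction and uses constructed stand-in entropy sources (one stuck or attacker-controlled, one honest) to check two properties: whether the source's bytes appear verbatim next to the ciphertext, and whether a stuck source causes nonce reuse across messages.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32


def raw_nonce(private_key, message, entropy_source):
    """Nonce copied straight from the entropy source (the pattern the comment warns about).
    Key and message are ignored: whatever the source emits is sent beside the ciphertext."""
    return entropy_source(NONCE_LEN)


def hedged_nonce(private_key, message, entropy_source):
    """Nonce = HMAC-SHA256(private_key, message || entropy)  (assumed construction).
    The entropy source contributes randomness but cannot choose the output without the key;
    if the source is stuck, this degrades to a deterministic per-message nonce."""
    return hmac.new(private_key, message + entropy_source(NONCE_LEN), hashlib.sha256).digest()


def fixed_source(chosen):
    """Constructed entropy source that always returns the same bytes,
    standing in for a source that is either stuck or controlled by someone else."""
    def source(n):
        return (chosen * (n // len(chosen) + 1))[:n]
    return source


def honest_source(n):
    """Honest source: the OS CSPRNG."""
    return secrets.token_bytes(n)


def source_controls_nonce(nonce_fn, private_key, message, chosen):
    """True if the bytes the entropy source emits show up verbatim in the nonce
    that would be visible beside the ciphertext."""
    expected = fixed_source(chosen)(NONCE_LEN)
    return nonce_fn(private_key, message, fixed_source(chosen)) == expected


def nonces_repeat_with_stuck_source(nonce_fn, private_key, messages):
    """True if a stuck (constant) entropy source makes two different messages share a
    nonce. Nonce reuse is the classic way a signing key leaks, so a hedged scheme
    must avoid it even when the entropy source has failed."""
    stuck = fixed_source(b"\x00")
    seen = set()
    for m in messages:
        n = nonce_fn(private_key, m, stuck)
        if n in seen:
            return True
        seen.add(n)
    return False


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed private key
    msg = b"constructed plaintext"
    probe = bytes(range(NONCE_LEN))        # bytes the source will try to push out
    print("raw nonce mirrors source:   ", source_controls_nonce(raw_nonce, key, msg, probe))
    print("hedged nonce mirrors source:", source_controls_nonce(hedged_nonce, key, msg, probe))
    print("raw nonce repeats if stuck: ", nonces_repeat_with_stuck_source(raw_nonce, key, [b"a", b"b"]))
    print("hedged repeats if stuck:    ", nonces_repeat_with_stuck_source(hedged_nonce, key, [b"a", b"b"]))
    print("hedged nonce, honest source:", hedged_nonce(key, msg, honest_source).hex())
```

The point of the check functions: with the raw pattern, the entropy source alone determines what is transmitted, so a source under someone else's control is a covert channel and a stuck source causes reuse. With the hedged pattern neither happens, because predicting or steering the nonce requires the private key, and distinct messages still get distinct nonces with no entropy at all. This is the same reasoning behind deterministic or hedged signature nonces (RFC 6979 and its randomized variants).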