On Fri, Apr 17, 2020 at 02:53:01PM -0700, Catacombs wrote:
> I would have thought someone could suggest a more trustworthy RNG.
there is no real problem with using the intel RNG.
if it is used as part of a proper software RNG setup.
(just don't use anything handpatched by debian devs... *coughs*)
> One of original means of trustworthy communications was to use two
> different computers.
> One was air gapped and used to write encrypted email. And later to
> open and decrypt email from the online computer.
how do you transfer data to/from the "secure" machine?
how do you make sure the airgapped machine has enough entropy?
bottomless rabbitholes full of snakes.
> Which brings me to how to find a more trustworthy RNG
if you don't trust the RNG, why would you trust the CPU?
use 3+ different machines. like one intel, one amd, one raspi.
or mix something really retro / exotic in.
or build your own hardware rng from a bunch of diodes, opamps, and
some leds for display.
or based on a radiation counter.
the more, the merrier.
use each of these machines to generate a transport-grade entropy pad.
print these, or write them down in case of sources that don't have
printer support. i recommend hex.
the quality of each individual transport pad is not critical.
they just need to be unrelated to each other.
exchange the transport-grade pads with your communications partners,
using a different path of transmission for each of the pads.
or different couriers. *wiggles fronds*
use pen+paper xor to manually turn the transport-pads into usage-pads
and to en/decrypt transmissions.
using hex notation and xor tables helps a lot with this.
make sure to never ever reuse pad sequences.
this way you don't have to trust the CPU(s) either.
and it encourages succinct communications.
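The pad procedure in the reply above (several unrelated transport pads XORed into one usage pad, hex notation with an XOR table, then XOR again to encrypt and decrypt, and never reusing a sequence) as a worked example. This is added code, not the poster's or anyone's project code. The three transport pads are constructed test values standing in for output from separate machines; real pads would come from the separate physical sources the mail describes. It assumes one usage pad per direction of communication so that sender and receiver consume the same pad in the same order; the function and class names (`xor_hex`, `combine_pads`, `PadLedger`, `otp_encrypt`, `otp_decrypt`, `demo`) are my own.

```python
"""
Added example: XOR-combine independent transport pads into a usage pad,
encrypt/decrypt with it in hex notation, and refuse to reuse pad digits.
The sample pads are constructed values, not entropy from any real device.
"""

HEX = "0123456789abcdef"

# Constructed transport pads, one per "machine". Each is 64 hex digits.
# In practice these are generated on separate hardware and exchanged over
# separate paths; their individual quality matters less than their being
# unrelated to each other.
TRANSPORT_PADS = {
    "intel-box": "3f9a1c7e20b4d6a8e51f0c93b72a4d6108c7f3a9d1e24b567a1e9c40b5d2f83c",
    "amd-box":   "c0ffee1234567890abcdef0123456789fedcba98765432100123456789abcdef",
    "raspi":     "9b2e7d4f1a6c8e305f3a9c1e7b2d4f60e4a1c6f2b8d07e932c6e9a1f4b7d3e50",
}


def xor_table():
    """The 16x16 single-hex-digit XOR table, one row per left operand.
    This is the lookup table one would print for pen-and-paper work."""
    return ["".join(HEX[a ^ b] for b in range(16)) for a in range(16)]


def xor_hex(a, b):
    """XOR two equal-length hex strings digit by digit (the pen-and-paper step).
    Nibble-wise XOR of hex digits is identical to byte-wise XOR of the data."""
    if len(a) != len(b):
        raise ValueError("pads must be the same length")
    return "".join(HEX[int(x, 16) ^ int(y, 16)] for x, y in zip(a.lower(), b.lower()))


def combine_pads(pads):
    """XOR any number of unrelated transport pads into one usage pad.
    If at least one input is uniformly random and independent of the rest,
    the output is uniformly random, so a weak (or even all-zero) source
    cannot degrade the result unless it is correlated with another source."""
    usage = pads[0]
    for p in pads[1:]:
        usage = xor_hex(usage, p)
    return usage


class PadLedger:
    """Tracks how much of a usage pad has been consumed so no digit is used twice.
    Each party keeps one ledger per direction of traffic."""

    def __init__(self, usage_pad_hex):
        self.pad = usage_pad_hex.lower()
        self.used = 0  # hex digits consumed so far

    def take(self, n_digits):
        """Return the next n unused hex digits and mark them spent; never rewinds."""
        if self.used + n_digits > len(self.pad):
            raise RuntimeError("pad exhausted: generate and exchange a fresh pad")
        chunk = self.pad[self.used:self.used + n_digits]
        self.used += n_digits
        return chunk


def otp_encrypt(plaintext, ledger):
    """Hex-encode the text and XOR it with fresh pad digits; returns hex ciphertext."""
    pt_hex = plaintext.encode("utf-8").hex()
    return xor_hex(pt_hex, ledger.take(len(pt_hex)))


def otp_decrypt(ciphertext_hex, ledger):
    """XOR the hex ciphertext with the same pad digits the sender consumed."""
    return bytes.fromhex(xor_hex(ciphertext_hex, ledger.take(len(ciphertext_hex)))).decode("utf-8")


def demo(message="meet at noon"):
    """Combine the constructed pads, run one message through, return the pieces."""
    usage = combine_pads(list(TRANSPORT_PADS.values()))
    sender, receiver = PadLedger(usage), PadLedger(usage)
    ct = otp_encrypt(message, sender)
    pt = otp_decrypt(ct, receiver)
    return {"usage_pad": usage, "ciphertext": ct, "recovered": pt, "digits_used": sender.used}


if __name__ == "__main__":
    for row in xor_table():
        print(row)
    print(demo())
```

The combination step is the reason the poster can say the quality of each individual pad is not critical: XOR with a uniformly random, independent pad is a bijection on the other inputs, so a bad or backdoored source only hurts if it can see or correlate with the others. The ledger is the mechanical form of "never ever reuse pad sequences"; both sides must advance it for every message in that direction, including ones that were lost, or later messages will not line up.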