Open lemire opened 5 years ago
Hi Lemire, of course you are technically correct. However, you can take steps to convert the results of the hardware generator built into the CPU into output that is guaranteed to be truly random and not backdoorable. You do this by sending it through a (modern) cryptographically secure hash function that takes the CPU generator's output as one input along with a good pseudo-random generator's output as a second input. The PRNG requirement is that it has a very large initialization vector (e.g., like that of the Mersenne Twister) and that said vector is initialized from a true random entropy source (other than the CPU's output!).
The hashed output will then be guaranteed to be both truly random and secure, and since one of the inputs is coming from a true (entropy-source-level) RNG, it will pass all tests for randomness, unlike the PRNG used as one of its inputs.
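The mixing construction described in the comment above, written out as an added example (this is not the commenter's code and not part of the original thread). It hashes one block from a hardware-style source together with one block from a Mersenne Twister stream seeded from a separate entropy source, under a domain label and a counter. The names `mix_blocks`, `MixedRng`, `os_hw_source` and `backdoored_hw_source` are this example's own; `os.urandom` stands in for the CPU instruction because the example has to run on any machine, and `backdoored_hw_source` is a constructed worst case for showing what the second input buys you.

```python
import hashlib
import os
import random
import struct
from typing import Callable, Optional


def mix_blocks(hw_block: bytes, prng_block: bytes, counter: int) -> bytes:
    """Combine one block from each source with a domain-separated SHA-256.

    Length prefixes keep the (hw, prng) pair unambiguous, and the counter
    stops two calls with identical inputs from yielding identical output.
    """
    h = hashlib.sha256()
    h.update(b"rdrand-mix-v1")                      # domain label (assumed name)
    h.update(struct.pack(">I", len(hw_block)) + hw_block)
    h.update(struct.pack(">I", len(prng_block)) + prng_block)
    h.update(struct.pack(">Q", counter))
    return h.digest()


class MixedRng:
    """Hash-combines a hardware-style source with a seeded Mersenne Twister."""

    def __init__(self, hw_source: Callable[[int], bytes],
                 prng_seed: Optional[bytes] = None) -> None:
        self._hw = hw_source
        if prng_seed is None:
            # Seed the PRNG from an entropy source other than the CPU generator,
            # as the comment requires; os.urandom is the stand-in here.
            prng_seed = os.urandom(32)
        # random.Random is a Mersenne Twister: large state, not cryptographic,
        # which is exactly why its output is hashed rather than used directly.
        self._prng = random.Random(int.from_bytes(prng_seed, "big"))
        self._counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            hw_block = self._hw(32)
            prng_block = self._prng.getrandbits(256).to_bytes(32, "big")
            out += mix_blocks(hw_block, prng_block, self._counter)
            self._counter += 1
        return bytes(out[:n])


def os_hw_source(n: int) -> bytes:
    """Stand-in for the CPU's hardware generator (assumption: os.urandom)."""
    return os.urandom(n)


def backdoored_hw_source(n: int) -> bytes:
    """Constructed worst case: a 'hardware' source that always returns 0x42."""
    return b"\x42" * n


if __name__ == "__main__":
    good = MixedRng(os_hw_source)
    bad_hw = MixedRng(backdoored_hw_source)
    print(good.random_bytes(16).hex())
    # Even with the hardware input fixed, successive outputs differ because
    # the seeded PRNG stream and the counter still feed the hash.
    print(bad_hw.random_bytes(16).hex(), bad_hw.random_bytes(16).hex())
```

The hash makes every output block depend on both inputs, so someone who controls or can predict one source alone cannot predict the result; it does not create entropy that neither input had, so the quality of the seed fed to the PRNG and of the hardware source still decide how unpredictable the stream is.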
The caveat with Intel random number generation instructions is that you need to trust Intel's implementation. That is, you must have faith that Intel did not collaborate with the NSA while producing these instructions.
There are secure random number generators where you can inspect all of the code.