Open stillson opened 10 years ago
The procedure recommended in the ISK SDG (aka the RdRand documentation) for getting full entropy data out, which would also be superior to all those mitigations, is to take 1024 values and compress them to 128 bits using AES-CBC-MAC, either with a fixed key or your own private key. This would yield full entropy data, since the DRNG is guaranteed to reseed with 256 bits of fresh entropy at a rate higher than once every 511 generations. In practice it's every readout unless you pull particularly fast.
mitigation level 1: pull 2 random numbers and xor
ml 2: pull random # of numbers and xor
ml 3: 64 bit custom hash (4 rounds of des?)
ml 4: pull 256 bits, sha-256