Re: [PATCH v1] crypto: Make the DRBG compliant with NIST SP800-90A rev1

On Wed, 23 Jun 2021, Stephan Mueller wrote:

> 
> > These changes replace the use of the Linux RNG with the Jitter RNG,
> > which is NIST SP800-90B compliant, to get a proper entropy input and a
> > nonce as defined by FIPS.
> 
> Can you please help me understand what is missing in the current code which
> seemingly already has achieved this goal?

The advice we have is that if an attacker knows the internal state of the 
CPU, then the output of the Jitter RNG can be predicted.



-- 
James Morris
<jamorris@xxxxxxxxxxxxxxxxxxx>
