This one really does keep coming back like yesterday's herring, doesn't it...

On June 23, 2021 10:00:29 AM PDT, James Morris <jamorris@xxxxxxxxxxxxxxxxxxx> wrote:
>On Wed, 23 Jun 2021, Stephan Mueller wrote:
>
>> > These changes replace the use of the Linux RNG with the Jitter RNG,
>> > which is NIST SP800-90B compliant, to get a proper entropy input and a
>> > nonce as defined by FIPS.
>>
>> Can you please help me understand what is missing in the current code which
>> seemingly already has achieved this goal?
>
>The advice we have is that if an attacker knows the internal state of the
>CPU, then the output of the Jitter RNG can be predicted.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.