Fresh reply email from a company:

Hello,
Thank you for your suggestion.
We do not accept suggestions via email.
[...]
Posted Tue Oct 1 10:27:00 2013 Tags:

I haven't heard of anyone else articulating this particular hypothetical attack on random number generation as done on Linux. The gist of it is that the way the Linux kernel mixes in RDRAND outputs into the random number generator algorithm's output makes it possible for the latter to be weakened/substituted. A weakened random number generator can be used to undermine the cryptographic software that secures everything from Internet traffic to files stored safely at home: this part is established fact & practice.

This particular vulnerability exists because of a few factors:

  • LKML's attraction to performance & simplicity over certain types of robustness & expertise, and
  • our acceptance of opaque software that can change the operation of our computers for better or for worse, and
  • a legal regime, such as the one in the US, that enables a government to force Intel or other companies to include such backdoors and tell nobody.
The former is a matter of educating developers. The second is a matter of educating the world about the value of openness in their computing systems. The last is a matter of tyranny politics. My hope is that the first two can trump the last.

UPDATE: Here's a thread on HN with almost the same idea. A few folks at this thread got the same idea.
Posted Fri Oct 18 06:11:00 2013 Tags: