So.. some comments say that we can't know for sure if RdRand is flawed because NSA could tell Intel to do it etc... but can't we really? There are standard methods for checking if RNG is working OK or not.. the most simple one is to run a huge number of tests and see if the result is uniformly distributed. Surely it would be hard to see the actual implementation on hardware level but we don't need to see it.. we only need to know if it is statistically random. What am I missing?
See also http://en.wikipedia.org/wiki/Randomness_test, http://en.wikipedia.org/wiki/Diehard_tests
All these disclosures really do not mean anything. Here is a quote from ars-technica: "NSA is tapping directly into international fiber optic cables and collecting all that information. PRISM, on the other hand, is used to "narrow and focus" that massive stream of information. Once the NSA decides on a target, it will contact Internet companies like Facebook and Google to pinpoint the suspect."
So really.. these companies are not lying when they say that NSA does not have backdoors or direct access to their data. NSA simply wiretaps on ISP level.. they only go to the big ones when they lack some information.
All the music I ever bough was FLAC, mostly thanks to services like Bandcamp. They require the artists to upload their song in lossless and from there they provide all the formats you'd ever want. That's how all music should be sold.. with no shitty codecs and DRM.
Guity as charged. I reuse the passwords too but not on every single site. For random forums and less important stuff I use the same password but for those which could potentially leak my credit card details or some other imprtant information I usually create unique strong passwords.
Slashdot Mirror
So.. some comments say that we can't know for sure if RdRand is flawed because NSA could tell Intel to do it etc... but can't we really? There are standard methods for checking if RNG is working OK or not.. the most simple one is to run a huge number of tests and see if the result is uniformly distributed. Surely it would be hard to see the actual implementation on hardware level but we don't need to see it.. we only need to know if it is statistically random. What am I missing? See also http://en.wikipedia.org/wiki/Randomness_test, http://en.wikipedia.org/wiki/Diehard_tests
All these disclosures really do not mean anything. Here is a quote from ars-technica: "NSA is tapping directly into international fiber optic cables and collecting all that information. PRISM, on the other hand, is used to "narrow and focus" that massive stream of information. Once the NSA decides on a target, it will contact Internet companies like Facebook and Google to pinpoint the suspect." So really.. these companies are not lying when they say that NSA does not have backdoors or direct access to their data. NSA simply wiretaps on ISP level.. they only go to the big ones when they lack some information.
All the music I ever bough was FLAC, mostly thanks to services like Bandcamp. They require the artists to upload their song in lossless and from there they provide all the formats you'd ever want. That's how all music should be sold.. with no shitty codecs and DRM.
Guity as charged. I reuse the passwords too but not on every single site. For random forums and less important stuff I use the same password but for those which could potentially leak my credit card details or some other imprtant information I usually create unique strong passwords.