I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction.   To quote from the article below:

"By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors...."

Relying solely on the hardware random number generator which is using an implementation sealed inside a chip which is impossible to audit is a BAD idea.
Shared publiclyView activity