in 2007 two researches from Microsoft discovered the NSA has put a PRNG with a backdoor in it in an NIST standard called Special Publication 800-90.
just having the first 32 bytes of the PRNG sequence would give whoever has the keys to the backdoor the entire random stream, which is used to derive encryption keys.
every TLS handshake begins with the client sending in plaintext 32 bytes of random data so if the NSA sniffs that data, they can get the encryption keys for that session.
according to the Snowden leaks around 2010 the NSA has gained new "Cryptanalytic capabilities"
“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
http://www.forbes.com/sites/dougschoen/2013/09/07/the-threat-at-home-the-nsa-and-the-golden-age-of-spying/in 2011 production of intel's Ivy Bridge architecture begun.
it includes a new feature, a hardware random number generator which conforms to the NIST SP800-90 standard.
the same standard the NSA has managed to put their backdoor in.
https://en.wikipedia.org/wiki/RdRandthe code name for this random number generator is Bull-Mountain, the code name for the NSA's cipher breaking capabilities according to the Snowden leaks is Bull-Run.
it seems obvious to me Intel is in bed with the NSA, and any encryption library which uses intel's hardware random number generator is worthless.
