Tiresome analogy is tiresome. And you're rather misrepresenting my question, which is: what if rdrand is actively malicious?

Not exactly. Their choice can (depending on design) influence the strength of the crypto produced. The difficulty comes in verifying what a particular set of numbers does. For that reason, no, they couldn't efffectively be part of the key.

So instead of discussing their approach in detail, you start having a go at someone who accuses you of being unscientific? Debate over.

In terms of the volume of something like an iPhone, it just doesn't. It's purely for the benefit of the consumer.

No, the linked article debunks your legitimate concern, up until the point you produced a peer-reviewed paper debunking the debunking. It's called a myth because it is wrong. We use words like that to describe things that are, well nonsense.

You had me up to the point where you seriously suggest the government could successfully run a billion+ dollar profitable business.

You have a point, but after the last few days worth of NSA revelations I don't think anyone that isn't seriously paranoid is thinking carefully enough. I know bugger all about the implementation of Linux's random, but my question is simply this: what are the consequences if an attacker were able to manipulate rdrand at will? If the answer is not nothing, well, something needs tackled.

Oh yes, climate myth #7. And sorry, but I'm not going to debate autocorrelation of time series with you.

Please cite the paper from which you have taken this 1 in 100 figure, or the paper that rebuts the 1 in 1000 assertion.

Also, a 1 in 100 event occurring six years apart is still exceptional, but never mind.

RTFL is an option...

Tape requires to be stored correctly. If not you can often get away with tricks like baking, but it is still not a perfect format. Ultimately, and I hate to use the word, some sort of robust cloud based archive will in the long run prove most satisfactory.

Check Scheier's blog on the NSA decryption story and find Clive Robinson's post on airgapping and building provably secure code.

It doesn't work like that. But we do know the NSA has people in place inside every major Western telecoms/data firm. Now think for a second about the capabilities that could be inserted by someone smart enough to be hired by NSA *and* Google.

Because sandwiching encryption or repeating it simply leaves you open to other, more subtle attacks. Often the effect is to amplify theoretical or marginally practical attacks on the algorithm.

There was some discussion on this on Schneier's blog re the NA decryption story. Halfway down the (very erudite) thread this is discussed. The originally leaked PDF is an April's Fool joke but it was based on a real one, now missing. Some further discussion ensued on the security of Truecrypt, sufficiently interesting to make me doubt it.