A thermal noise-generator is fine from a physics perspective. I think that people maybe can't verify what's actually on the die.
How much do we trust what we're told about the circuit? Does its interface talk to that noise-source all the time? Or is there a cutaway inside that maybe jumps to a seeded PRNG in response to a special memory-write? Would you know if it did?
I'm not saying that RDRAND is backdoored. I've got no reason to assume that it is. But it would also be very hard to prove that it -isn't-. If I was doing something where I actually cared about the quality of my entropy, I might not want to just take Intel at their word.
How much do we trust what we're told about the circuit? Does its interface talk to that noise-source all the time? Or is there a cutaway inside that maybe jumps to a seeded PRNG in response to a special memory-write? Would you know if it did?
I'm not saying that RDRAND is backdoored. I've got no reason to assume that it is. But it would also be very hard to prove that it -isn't-. If I was doing something where I actually cared about the quality of my entropy, I might not want to just take Intel at their word.