Also interesting are the other three blog entries, particularly "Entropy Attacks!" that talks about how hashing RDRAND into an entropy pool right before using it (an obvious use that seems like a good idea) could, with a malicious implementation, cause a lower entropy output that would reveal your DSA private key...
> When I heard about this draft I assumed that NIST had engaged in (1) an honest retrospective review of known security flaws in NIST standards and (2) an honest analysis of ways in which those flaws could have been avoided by modifications in NIST's standardization process. The current draft is, unfortunately, very far from this, and as a result is very difficult to take seriously.
