Replenish function always using multiple backends?

[solatis]

Hello,

I'm currently analyzing the code of the entropy generating function and the use of the backends by the replenish function. As I understand it, if the RDRAND backend generates enough entropy, the other backends are not used, is that correct ?

The reason I ask is because weaknesses are found in the RdRand instruction, and should only be used in combination of other entropy sources, not as the only one. On top of that, /dev/random already uses RdRand when available, so explicitly supporting it in this library might be redunandant (and even a security liability).

[sdroege]

First part of http://www.leonmergen.com/haskell/crypto/2015/03/21/on-the-state-of-cryptography-in-haskell.html has some background about what these weaknesses that are found (do we know for sure? but better safe then sorry...) are.