[cryptography] Intel RNG
noloader at gmail.com
Sat Jun 18 18:36:01 EDT 2011
On Sat, Jun 18, 2011 at 6:01 PM, James Cloos <cloos at jhcloos.com> wrote:
>>>>>> "JL" == Jack Lloyd <lloyd at randombit.net> writes:
> JL> It's also supported in (very very recent) GNU binutils.
> The sample code Intel provided on that page compiled/assembled
> correctly here, using binutils-2.21.
Did you notice......
In rdrand.c, near lines 420 and 460, there are two functions
(_rdrand_get_seed128_retry and _rdrand_get_seed128_method2_retry):
    Creates a random value that is fully forward
    and backward prediction resistant, suitable for
    seeding a NIST SP800-90 Compliant, FIPS
    1402-2 certifiable SW DRBG
It appears none of the sensitive material (key, forward value, and
XOR'd intermediate result) is zeroized. Zeroization is a FIPS 140-2
Level 1 requirement.
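As an added illustration (not code from Intel's rdrand.c, nor from the mail), here is the zeroization step the mail reports as missing, written for a hypothetical seed routine that holds the same three intermediates (key, forward value, XOR result). The struct, function names and the constructed input values are assumptions; the inputs are deterministic stand-ins, not RDRAND output.

```c
#include <stdint.h>
#include <string.h>

/* Wipe through a volatile pointer so the compiler cannot drop the stores as dead
 * code (a plain memset right before return often is). memset_s or explicit_bzero
 * serve the same purpose where available. */
static void zeroize(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Hypothetical workspace for the three intermediates named in the mail. It is
 * caller-visible only so the wipe can be checked; real code keeps it stack-local. */
typedef struct {
    uint8_t key[16];
    uint8_t fwd[16];
    uint8_t xored[16];
} seed_ws;

/* Derive a 128-bit seed from two 128-bit inputs (stand-ins for two RDRAND reads),
 * copy it to out, then wipe every intermediate before returning. */
int derive_seed128(seed_ws *ws, const uint8_t a[16], const uint8_t b[16], uint8_t out[16]) {
    memcpy(ws->key, a, 16);
    memcpy(ws->fwd, b, 16);
    for (size_t i = 0; i < 16; i++) ws->xored[i] = ws->key[i] ^ ws->fwd[i];
    memcpy(out, ws->xored, 16);
    zeroize(ws, sizeof *ws); /* the step the mail reports as missing */
    return 0;
}

/* 1 when every byte of the workspace is zero: the post-call check a reviewer would apply. */
int workspace_is_zero(const seed_ws *ws) {
    const uint8_t *p = (const uint8_t *)ws;
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof *ws; i++) acc |= p[i];
    return acc == 0;
}

/* Constructed inputs (not random): a[i] = 0x10+i, b[i] = 0xA0+i, so every seed
 * byte is 0xB0. Returns 0 if the seed is right and the workspace was wiped. */
int demo_zeroization(void) {
    uint8_t a[16], b[16], seed[16]; seed_ws ws;
    for (int i = 0; i < 16; i++) { a[i] = (uint8_t)(0x10 + i); b[i] = (uint8_t)(0xA0 + i); }
    derive_seed128(&ws, a, b, seed);
    for (int i = 0; i < 16; i++) if (seed[i] != 0xB0) return 1;
    if (!workspace_is_zero(&ws)) return 2;
    zeroize(seed, sizeof seed); /* the caller owns the seed and wipes it too */
    return 0;
}
```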