[cryptography] Intel RNG

Jeffrey Walton noloader at gmail.com
Sat Jun 18 18:36:01 EDT 2011


On Sat, Jun 18, 2011 at 6:01 PM, James Cloos <cloos at jhcloos.com> wrote:
>>>>>> "JL" == Jack Lloyd <lloyd at randombit.net> writes:
>
> JL> It's also supported in (very very recent) GNU binutils.
>
> The sample code Intel provided on that page compiled/assembled
> correctly here, using binutils-2.21.
>
Did you notice......

In rdrand.c, near lines 420 and 460, there are two functions
(_rdrand_get_seed128_retry and _rdrand_get_seed128_method2_retry)
which claim:

   Creates a random value that is fully forward
   and backward prediction resistant, suitable for
   seeding a NIST SP800-90 Compliant, FIPS
   1402-2 certifiable SW DRBG

It appears none of the sensitive material (key, forward value, and
XOR'd intermediate result) is zeroized. Zeroization is a FIPS 140-2
Level 1 requirement.

Jeff



More information about the cryptography mailing list