[cryptography] Intel RNG

coderman coderman at gmail.com
Tue Jun 19 00:58:59 EDT 2012


On Mon, Jun 18, 2012 at 9:46 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
> ...
> One thing they could do is provide a mechanism to access raw samples from
> the Entropy Source component. I.e., the data that "Intel provided [to
> Cryptography Research] from pre-production chips. These chips allow access
> to the raw ES output, a capability which is disabled in production chips."

this is very useful to have in some configurations (not just testing).
for example: a user space entropy daemon consuming raw, biased,
un-whitened, full throughput bits of lower entropy density which is
run through sanity checks, entropy estimates, and other vetting before
mixing/obscuring state, and feeding into host or application entropy
pools.

the Intel RNG conveniently abstracts all of this away from you,
potentially giving you a ready-to-use source without a pesky user
space entropy daemon requirement.

on the other hand, the Intel RNG abstracts all of this away from you,
so your own assurances against the raw output are no longer possible.



> Obviously these samples can't go back into the DRBG, but some developers
> would probably like to estimate the entropy in the raw data. They would
> likely interpret it as a higher quality source if they could reach that
> conclusion with their own code.

yes, particularly when fed through a DIEHARD battery of tests using
hundreds of MB of entropy. hard to do that on die! ;)


gripes aside, this is a design and implementation i like quite a bit,
and i am very happy to see more CPU cores with entropy instructions!
now if only AMD and ARM would follow suit...
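The user-space vetting stage described above (raw, biased, un-whitened bits checked and entropy-estimated before anything is mixed into a pool), as an added example that is not code from this email thread, from Intel, or from any entropy daemon. The raw source is a constructed stand-in built from a seeded PRNG, the health test is the SP 800-90B repetition count test, the entropy estimate is a simplified most-common-value estimator, and SHA-256 stands in for whatever conditioner a real daemon would use; all function names and thresholds are this example's own choices.

```python
"""Toy user-space entropy vetting pipeline (added example, not from the email).

Flow: raw samples -> min-entropy estimate -> health test -> conditioner.
Raw bits never reach the pool; only the conditioned output does.
"""
import hashlib
import math
import random
from collections import Counter


def biased_raw_bits(n, p_one=0.7, seed=1234):
    """Constructed stand-in for a raw entropy-source tap: independent bits, P(1)=p_one."""
    rng = random.Random(seed)  # deterministic so the example is reproducible
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def stuck_raw_bits(n):
    """Constructed failure case: a source whose output is stuck at one value."""
    return [1] * n


def mcv_min_entropy(bits):
    """Most-common-value min-entropy estimate per sample.

    Simplified form of the SP 800-90B MCV estimator (the confidence-interval
    adjustment the standard applies is omitted here).
    """
    p_max = max(Counter(bits).values()) / len(bits)
    return -math.log2(p_max)


def rct_cutoff(h_min, alpha=2 ** -20):
    """SP 800-90B repetition count cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)


def repetition_count_test(bits, cutoff):
    """Return False if any value repeats `cutoff` or more times in a row."""
    run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def condition(bits):
    """Compress vetted raw bits to 32 bytes with SHA-256 (stand-in conditioner)."""
    packed = bytes(
        int("".join(str(b) for b in bits[i:i + 8]).ljust(8, "0"), 2)
        for i in range(0, len(bits), 8)
    )
    return hashlib.sha256(packed).digest()


def vet_and_condition(bits, min_entropy_floor=0.3, output_bits=256, alpha=2 ** -20):
    """Return (report, conditioned_bytes); conditioned_bytes is None if rejected.

    Rejection reasons, in order: estimate below the floor (stuck/near-constant
    source), too few raw bits for the requested output, repetition count failure.
    """
    h = mcv_min_entropy(bits)
    report = {"min_entropy_per_bit": h, "rct_cutoff": None, "rct_ok": False, "reason": None}
    if h < min_entropy_floor:
        report["reason"] = "min-entropy estimate below floor"
        return report, None
    if h * len(bits) < output_bits:
        report["reason"] = "not enough raw entropy for %d output bits" % output_bits
        return report, None
    cutoff = rct_cutoff(h, alpha)
    report["rct_cutoff"] = cutoff
    report["rct_ok"] = repetition_count_test(bits, cutoff)
    if not report["rct_ok"]:
        report["reason"] = "repetition count test failed"
        return report, None
    return report, condition(bits)


if __name__ == "__main__":
    for name, src in (("biased", biased_raw_bits(4096)), ("stuck", stuck_raw_bits(4096))):
        report, out = vet_and_condition(src)
        print(name, report, out.hex() if out else "REJECTED")
```

The point the example makes is the one the message makes: with only the DRBG output exposed you cannot run `mcv_min_entropy` or `repetition_count_test` yourself, because the conditioner has already flattened the bias you would be measuring. A stuck source is caught here at the estimate step (its MCV min-entropy is 0); a merely biased one passes and is compressed down to a 256-bit block, which is why the raw stream must deliver far more bits than the conditioner emits.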


