[cryptography] Intel RNG
Joachim at Strombergson.com
Tue Jun 19 07:06:31 EDT 2012
On 2012-06-19 11:30, coderman wrote:
> On Tue, Jun 19, 2012 at 12:48 AM, Marsh Ray <marsh at extendedsubset.com> wrote:
>> So something is causing AES-NI to take 300 clocks/block to run this DRBG.
>> Again, more than 3x slower than the benchmarks I see for the hardware
>> primitive. My interpretation is that either RdRand is blocking due to
>> "entropy depletion", there's some internal data pipe bottleneck, or maybe
>> some of both.
> it is also seeding from the physical noise sources, running sanity
> checks of some type, and then handing over to DRBG. so there is
> clearly more involved than just a call to AES-NI. 3x as expensive
> doesn't sound unreasonable if the seeding and validation overhead is
I might be missing something. But is it clear that Bull Mountain is
actually using AES-NI? I assumed that one would like to use a separate
HW-engine. Reading from the CRI paper seems (to me) to suggest that this
is actually the case:
"Entropy conditioning is done via two independent AES-CBC-MAC chains,
one for the generator’s key and one for its counter. AES-CBC-MAC should
be suitable as an entropy extractor, and allows reuse of the module’s
With kind regards, Yours
Joachim Strömbergson - Always in harmonic oscillation.