[cryptography] Intel RNG

coderman coderman at gmail.com
Wed Jun 20 01:43:06 EDT 2012

On Tue, Jun 19, 2012 at 2:30 AM, coderman <coderman at gmail.com> wrote:
> ...
> as for stating that it should never "run dry", or fail to not return
> bits as long as the instruction is working...

i was incorrect; developers should expect this instruction to
infrequently encounter transitory failures requiring retry:

The RDRAND instruction returns with the carry flag set (CF = 1) to
indicate valid data
is returned. It is recommended that software using the RDRAND instruction to get
random numbers retry for a limited number of iterations while RDRAND
returns CF=0
and complete when valid data is returned...

This will deal with transitory underflows. A retry limit should be
employed to prevent a hard failure in
the RNG (expected to be extremely rare) leading to a busy loop in software.

in "Intel Advanced Vector Extensions Programming Reference"
 at http://software.intel.com/file/36945

i would be very curious to know what the distribution of these single
or consecutive failures (CF=0) look like on a busy system or long run
benchmark, and particularly if/how environmental factors* affect
failure rates.

*CPU temperature, voltage regulation, what else?

More information about the cryptography mailing list