[cryptography] Intel RNG

Michael Nelson nelson_mikel at yahoo.com
Thu Jun 21 16:53:20 EDT 2012

> James A. Donald wrote:
>
> I see no valid case for on chip whitening.  Whitening looks like a classic job for
> software.  Why waste chip real estate on something that will only be used

On that Intel forum site someone pointed to, one of the Intel guys said with respect to the whitening and health testing processes:

"At the output of the DRBG, through RdRand, you have no visibility of these processes. We seek to limit the side channels through which an attacker could determine the internal state of the DRNG."

I suppose that if the RNG was shared between multiple processes, and if a malicious process could read the internal state, then it could predict what another process was going to be given in the near future.

That said, I think that it's a natural factoring to let the user see the bits directly from the hardware source, before any massaging.  Perhaps this could be a mode.
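The whitening-in-hardware-or-software question above, as an added example that is not part of the original post: a von Neumann debiaser and an SP 800-90B-style repetition count test run over a constructed biased bit source (the source, function names and cutoff values are my own assumptions, not Intel's DRNG design).

```python
import random
from typing import Iterable, List


def biased_bit_source(n: int, p_one: float = 0.7, seed: int = 1) -> List[int]:
    """Constructed stand-in for a raw hardware entropy source: emits 1 with
    probability p_one, i.e. a strongly biased but independent bit stream.
    Seeded so the example is reproducible (a real source is not)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann_whiten(bits: Iterable[int]) -> List[int]:
    """Classic software whitening: take non-overlapping pairs, emit 0 for
    (0,1) and 1 for (1,0), discard (0,0) and (1,1). For an independent
    source the output is unbiased; throughput drops to at most 1/4."""
    it = iter(bits)
    return [a for a, b in zip(it, it) if a != b]


def repetition_count_test(bits: Iterable[int], cutoff: int = 32) -> bool:
    """Health test in the style of SP 800-90B's repetition count test:
    fail as soon as one value repeats `cutoff` times in a row, which is
    what a stuck or dead source looks like. Whitening alone cannot catch
    this, because a constant input simply produces no output."""
    run, prev = 0, None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        if run >= cutoff:
            return False
    return True


def bias(bits: List[int]) -> float:
    """Fraction of ones; 0.5 for an unbiased stream."""
    return sum(bits) / len(bits) if bits else float("nan")


if __name__ == "__main__":
    raw = biased_bit_source(20000)
    white = von_neumann_whiten(raw)
    print(f"raw bias {bias(raw):.3f}, whitened bias {bias(white):.3f}, "
          f"{len(white)} of {len(raw)} bits kept")
    stuck = [1] * 100
    print("health test on stuck source:", repetition_count_test(stuck))
    print("whitened stuck source:", von_neumann_whiten(stuck))
```

The stuck-source case is the one to notice: the debiaser silently returns nothing, so a health test has to run on the raw bits whether it lives in hardware or in software.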
