[cryptography] Intel RNG

Marsh Ray marsh at extendedsubset.com
Fri Jun 22 17:55:12 EDT 2012

On 06/22/2012 04:42 PM, Kevin W. Wall wrote:
> You wrote "going to DIFFERENT consumers". I am interpreting that as
> different processes, but I don't see how a CPU instruction like RdRand
> or anything else is going to be process or thread or <insert your favorite
> security context here> aware.  If you would have omitted the "different",
> then it would have made sense.
> So am I just reading too much into your statement and you didn't really
> mean "*different* consumers" or am I simply not understanding what
> you meant? If the latter, if you could kindly explain.

I did mean different consumers :-)

Since we were talking about how/if releasing unconditioned entropy 
samples (e.g. through a different instruction) affects the security of 
the conditioned RdRand output.

So the two consumers might be the unconditioned sample output and the 
conditioner input. Or we might also consider every unconditioned read 
operation as being a separate consumer.

Alternatively, maybe the raw oscillator without AES would be small 
enough to just give one to every core.

- Marsh
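A toy model of the "two consumers" question, added here as an example; it is not part of Marsh's message and is not Intel's design. It assumes a raw-sample source, a public deterministic conditioner (SHA-256 over a few samples stands in for the AES-based conditioner discussed in the thread; the property that matters, that the conditioner is a known function of its input, holds for both), and two device designs: one where a raw read exposes a sample that the conditioner will also consume, and one where the raw reader is a separate consumer whose samples never reach the conditioner. The names `ToySource`, `Device`, `SAMPLES_PER_OUTPUT` and the seed are all constructed for the example.

```python
import hashlib

SAMPLE_BYTES = 8
SAMPLES_PER_OUTPUT = 4  # assumption: the conditioner folds 4 raw samples per output


class ToySource:
    """Deterministic stand-in for the raw entropy source.

    A seeded hash chain is used so the example is reproducible; a real
    source is physical noise and is not predictable like this.
    """

    def __init__(self, seed: bytes):
        self._state = seed

    def sample(self) -> bytes:
        self._state = hashlib.sha256(self._state).digest()
        return self._state[:SAMPLE_BYTES]


def condition(samples: list) -> bytes:
    """Toy conditioner: SHA-256 over the concatenated raw samples.

    Stands in for the AES-based conditioner mentioned in the thread. Like
    it, this is a public, deterministic function of its input.
    """
    return hashlib.sha256(b"".join(samples)).digest()


class Device:
    """Raw-read and conditioned-read instructions over one sample source.

    separate_consumers=False: a raw read hands out a sample that is ALSO
    queued for the conditioner (raw reader and conditioner share samples).
    separate_consumers=True:  a raw read consumes its sample; the conditioner
    only ever sees samples nobody else has read.
    """

    def __init__(self, src: ToySource, separate_consumers: bool):
        self.src = src
        self.separate = separate_consumers
        self.pending = []  # samples queued for the conditioner

    def read_raw(self) -> bytes:
        s = self.src.sample()
        if not self.separate:
            self.pending.append(s)  # same sample will feed the conditioner
        return s

    def read_conditioned(self) -> bytes:
        while len(self.pending) < SAMPLES_PER_OUTPUT:
            self.pending.append(self.src.sample())
        block = self.pending[:SAMPLES_PER_OUTPUT]
        self.pending = self.pending[SAMPLES_PER_OUTPUT:]
        return condition(block)


def attacker_predicts(raw_observations: list) -> bytes:
    """An observer of the raw reads applies the public conditioner to them."""
    return condition(raw_observations[:SAMPLES_PER_OUTPUT])


def raw_reads_leak_conditioned_output(separate_consumers: bool) -> bool:
    """Return True if observing raw reads lets the attacker reproduce the
    next conditioned output on a device built the given way."""
    dev = Device(ToySource(b"constructed seed for the example"), separate_consumers)
    seen = [dev.read_raw() for _ in range(SAMPLES_PER_OUTPUT)]
    conditioned = dev.read_conditioned()
    return attacker_predicts(seen) == conditioned


if __name__ == "__main__":
    print("shared samples, raw reads reveal conditioned output:",
          raw_reads_leak_conditioned_output(separate_consumers=False))
    print("separate consumers, raw reads reveal conditioned output:",
          raw_reads_leak_conditioned_output(separate_consumers=True))
```

The model only covers the two extremes (raw reads fully overlap the conditioner's input, or not at all); a real design could sit anywhere between, and partial overlap still reduces the attacker's search space. It also says nothing about the per-core oscillator alternative, which removes the sharing question by giving each consumer its own source.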

