[cryptography] on using RDRAND [was: Entropy improvement: haveged + rngd together?]

dj at deadhat.com dj at deadhat.com
Mon Dec 2 18:16:28 EST 2013

> the work that you have done to make hardware entropy sources readily
> available in Intel chips should be commended, and i certainly
> appreciate it.  i will however continue to complain until it is even
> better, with configurable access to the raw entropy samples for those
> who wish to evaluate or run the TRNG in this mode.

I'm currently arguing with NIST about their specifications which make it
hard to provide raw entropy while being FIPS 140-2 and NIST SP800-90
compliant. If I had a free hand, it would not be a configuration.
Configurations suck in numerous ways. It would just be there.

Chip design is a slow process. Standards writing is a slow process,
especially when NIST is involved. When one depends on the other it is even
slower. So don't hold your breath waiting for anything to happen.

Feel free to lean on NIST. I notice that they haven't even published the
public comments yet. The comment period for SP800-90 ended over three
weeks ago.

The AES and SHA-3 competitions were not like this. Even though RNGs are
less glitzy, they are a more fundamental security feature, but they're
getting less attention from NIST.
