RDRAND: Difference between revisions
link to idf slide |
|||
| Line 9: | Line 9: | ||
** Each seed requires at least two healthy values (per-sample result) | ** Each seed requires at least two healthy values (per-sample result) | ||
** "In the rare event a DRNG fails at runtime, it will cease to issue random numbers" | ** "In the rare event a DRNG fails at runtime, it will cease to issue random numbers" | ||
*** There seems no way to detect this situation save executing RDRAND and seeing CF unset. | |||
* "Built-in Self Tests" | * "Built-in Self Tests" | ||
** DRNG is run for 256 samples of OHT validation before being made available to software | ** DRNG is run for 256 samples of OHT validation before being made available to software | ||
** OHT is provided known-bad data and must identify it as "unhealthy" | ** OHT is provided known-bad data and must identify it as "unhealthy" | ||
** Deterministic values are played through the conditioner, and results are verified | ** Deterministic values are played through the conditioner, and results are verified | ||
==Limitations== | ==Limitations== | ||
"The one use case that it is cryptographically insufficient for is to seed a new PRNG, which probably means it is unsuitable for being fed as-is into /dev/random." - [http://www.spinics.net/lists/linux-crypto/msg05883.html H. Peter Anvin], 2011-06-14 | "The one use case that it is cryptographically insufficient for is to seed a new PRNG, which probably means it is unsuitable for being fed as-is into /dev/random." - [http://www.spinics.net/lists/linux-crypto/msg05883.html H. Peter Anvin], 2011-06-14 | ||