RDRAND: Difference between revisions

link to idf slide
Line 9: Line 9:
** Each seed requires at least two healthy values (per-sample result)
** Each seed requires at least two healthy values (per-sample result)
** "In the rare event a DRNG fails at runtime, it will cease to issue random numbers"
** "In the rare event a DRNG fails at runtime, it will cease to issue random numbers"
*** There seems no way to detect this situation save executing RDRAND and seeing CF unset.
* "Built-in Self Tests"
* "Built-in Self Tests"
** DRNG is run for 256 samples of OHT validation before being made available to software
** DRNG is run for 256 samples of OHT validation before being made available to software
** OHT is provided known-bad data and must identify it as "unhealthy"
** OHT is provided known-bad data and must identify it as "unhealthy"
** Deterministic values are played through the conditioner, and results are verified
** Deterministic values are played through the conditioner, and results are verified
==Limitations==
==Limitations==
"The one use case that it is cryptographically insufficient for is to seed a new PRNG, which probably means it is unsuitable for being fed as-is into /dev/random." - [http://www.spinics.net/lists/linux-crypto/msg05883.html H. Peter Anvin], 2011-06-14
"The one use case that it is cryptographically insufficient for is to seed a new PRNG, which probably means it is unsuitable for being fed as-is into /dev/random." - [http://www.spinics.net/lists/linux-crypto/msg05883.html H. Peter Anvin], 2011-06-14