----- Forwarded message from coderman <coderman@gmail.com> -----

Date: Sun, 8 Sep 2013 16:44:43 -0700
From: coderman <coderman@gmail.com>
To: liberationtech <liberationtech@lists.stanford.edu>
Subject: Re: [liberationtech] Random number generation being influenced - rumors
Reply-To: liberationtech <liberationtech@lists.stanford.edu>

On Sat, Sep 7, 2013 at 10:26 AM, Eugen Leitl <eugen@leitl.org> wrote:
> ...
> There is a hardware RNG in the AMD Geode LX. I tried very hard to find any documentation, but found effectively nothing.
> Am I that bad at searching, or is this really a black box?
the only decent on-die RNG i have used was XSTORE[0] from VIA Padlock which allowed you very high speed access to the raw, unwhitened output of the hardware RNG source(s). you could read from both at twice the rate for maximum throughput. it was then up to a user-space daemon to read this raw source and perform cursory and long-lived checks, even benchmarks against large volumes of TBytes of output for extended confirmation (looking at you DIEHARDER). the user-space daemon, having then verified the hardware entropy sources, performs computation blinding and compression (e.g. hashing or block ciphering) and mixes this obfuscated entropy with the kernel entropy pool via write to /dev/random.

RDRAND/RDSEED can not be used in a trusted manner with access to the unwhitened, raw output. the AMD768 RNG has not produced a detailed design like XSTORE and cryptography research, nor does it support the raw mode like needed, always reading some "4 bytes:" of randomness (IIRC).

there are USB and other external sources for entropy if your CPU does not support it, of course. these are useful to augment any userspace entropy daemons like Haveged.

0. "Evaluation of C3 Nehemiah Random Number Generator"
http://www.cryptography.com/public/pdf/VIA_rng.pdf

--
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu.

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
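A sketch of the user-space daemon coderman describes (cursory health checks on a raw, unwhitened block, then hash conditioning before the result goes to the kernel pool), added here as an example and not code from the post or from any of the projects named in it. The raw block is constructed with a seeded PRNG so it runs offline, and the 2% monobit bound and repetition cutoff of 6 are assumed thresholds, not values from the post or from any standard.

```python
import hashlib
import random
from typing import Optional

# Constructed stand-in for one raw read from an unwhitened hardware source
# (XSTORE-style). Seeded so the example is reproducible; a real daemon reads
# the device. RAW_STUCK models a source that has failed and repeats one byte.
_sim = random.Random(2013)
RAW_OK = bytes(_sim.getrandbits(8) for _ in range(4096))
RAW_STUCK = b"\xa5" * 4096


def monobit_ok(raw: bytes, max_bias: float = 0.02) -> bool:
    """Cursory frequency test: share of one-bits must sit near 0.5.
    The 2% bound is an assumed value for 4 KiB blocks (about 7 sigma)."""
    ones = sum(bin(b).count("1") for b in raw)
    return abs(ones / (8 * len(raw)) - 0.5) <= max_bias


def repetition_count_ok(raw: bytes, cutoff: int = 6) -> bool:
    """Repetition-count health test on byte samples: fail when any value
    repeats `cutoff` or more times in a row (catches a stuck source that a
    frequency test alone would pass, e.g. 0xa5 has exactly four one-bits)."""
    run, prev = 0, None
    for b in raw:
        run = run + 1 if b == prev else 1
        prev = b
        if run >= cutoff:
            return False
    return True


def condition(raw: bytes) -> bytes:
    """Blind and compress: hash the block so the pool never sees the bare
    source output. 4096 -> 32 bytes assumes well under 1 bit of entropy/bit."""
    return hashlib.sha256(raw).digest()


def process_block(raw: bytes) -> Optional[bytes]:
    """Only a block that passes every check is conditioned and released."""
    if not (monobit_ok(raw) and repetition_count_ok(raw)):
        return None
    return condition(raw)


def mix_into_pool(seed: bytes, path: str = "/dev/random") -> int:
    """A plain write() mixes bytes into the kernel pool without crediting
    entropy; crediting requires the RNDADDENTROPY ioctl and root."""
    with open(path, "wb", buffering=0) as f:
        return f.write(seed)


if __name__ == "__main__":
    for name, blk in (("ok", RAW_OK), ("stuck", RAW_STUCK)):
        print(name, "released" if process_block(blk) else "rejected")
```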