[liberationtech] Random number generation being influenced - rumors

Eugen Leitl eugen at leitl.org
Mon Sep 9 02:14:33 PDT 2013


----- Forwarded message from coderman <coderman at gmail.com> -----

Date: Sun, 8 Sep 2013 16:44:43 -0700
From: coderman <coderman at gmail.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Random number generation being influenced - rumors
Reply-To: liberationtech <liberationtech at lists.stanford.edu>

On Sat, Sep 7, 2013 at 10:26 AM, Eugen Leitl <eugen at leitl.org> wrote:
> ...
> There is a hardware RNG in the AMD Geode LX. I tried very hard to
> find any documentation, but found effectively nothing.
>
> Am I that bad at searching, or this really a black box?

the only decent on-die RNG i have used was XSTORE[0] from VIA Padlock
which allowed you very high speed access to the raw, unwhitened output
of the hardware RNG source(s). you could read from both at twice the
rate for maximum throughput.

it was then up to a user-space daemon to read this raw source and
perform cursory and long-lived checks, even benchmarks against large
volumes of TBytes of output for extended confirmation (looking at you
DIEHARDER).

the user-space daemon, having then verified the hardware entropy
sources, performs computation blinding and compression (e.g. hashing
or block ciphering) and mixes this obfuscated entropy with the kernel
entropy pool via write to /dev/random.

RDRAND/RDSEED cannot be used in a trusted manner with access to the
unwhitened, raw output.

the AMD768 RNG has not produced a detailed design like XSTORE and
cryptography research, nor does it support the raw mode as needed,
always reading some "4 bytes:" of randomness (IIRC).

there are USB and other external sources for entropy if your CPU does
not support it, of course. these are useful to augment any userspace
entropy daemons like haveged.


0. "Evaluation of C3 Nehemiah Random Number Generator"
  http://www.cryptography.com/public/pdf/VIA_rng.pdf
-- 
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
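The user-space daemon pipeline coderman describes (check the raw source, condition it by hashing, write into the kernel pool) as an added example; this is not code from the post or from any named project. The health tests follow the shape of the SP 800-90B continuous tests, but the cutoff values, window size and the 256-bits-per-block entropy assumption are this example's own choices, and the raw RNG read is replaced by constructed input.

```python
"""Stages of a user-space entropy daemon: health-check a raw hardware RNG
block, condition it with SHA-256, then mix the result into the kernel pool.
Added example; the raw source is replaced by constructed input."""
import hashlib
from typing import Optional

# Test shapes follow the SP 800-90B continuous health tests; the cutoffs
# below are chosen for this demo and are assumptions, not tuned values.
REPETITION_CUTOFF = 8       # identical consecutive bytes before failing
WINDOW = 512                # adaptive proportion test window (bytes)
PROPORTION_CUTOFF = 13      # max occurrences of one value in a window

def repetition_count_test(raw: bytes) -> bool:
    """Fail when a byte value repeats REPETITION_CUTOFF times in a row
    (catches a stuck source)."""
    run = 1
    for prev, cur in zip(raw, raw[1:]):
        run = run + 1 if cur == prev else 1
        if run >= REPETITION_CUTOFF:
            return False
    return True

def adaptive_proportion_test(raw: bytes) -> bool:
    """Fail when the first byte of a window recurs too often within it
    (catches a heavily biased source)."""
    for start in range(0, len(raw) - WINDOW + 1, WINDOW):
        window = raw[start:start + WINDOW]
        if window.count(window[0]) > PROPORTION_CUTOFF:
            return False
    return True

def condition(raw: bytes) -> bytes:
    """Compress and blind a raw block with SHA-256; assumes the block holds
    at least 256 bits of entropy so the 32-byte output is full-entropy."""
    return hashlib.sha256(raw).digest()

def process_block(raw: bytes) -> Optional[bytes]:
    """Return conditioned bytes for a healthy block, None if a test fails."""
    if not (repetition_count_test(raw) and adaptive_proportion_test(raw)):
        return None
    return condition(raw)

def mix_into_kernel(conditioned: bytes, path: str = "/dev/random") -> int:
    """Write into the kernel pool. A plain write mixes the bytes in but does
    not credit entropy; crediting needs the RNDADDENTROPY ioctl."""
    with open(path, "wb") as pool:
        return pool.write(conditioned)
```

In a real daemon the block would come from the raw RNG read and the long-lived statistical suites (e.g. dieharder over terabytes of output) would run alongside these fast per-block checks.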