very high speed hardware RNG

Steven M. Bellovin smb at cs.columbia.edu
Tue Dec 30 11:45:27 EST 2008


On Sun, 28 Dec 2008 23:49:06 -0500
Jack Lloyd <lloyd at randombit.net> wrote:

> On Sun, Dec 28, 2008 at 08:12:09PM -0500, Perry E. Metzger wrote:
> > 
> > Semiconductor laser based RNG with rates in the gigabits per second.
> > 
> > http://www.physorg.com/news148660964.html
> > 
> > My take: neat, but not as important as simply including a decent
> > hardware RNG (even a slow one) in all PC chipsets would be.

Of course, every time a manufacturer has tried it, assorted people
(including many on this list) complain that it's been sabotaged by the
NSA or by alien space bats or some such.
 
> I've been thinking that much better than a chipset addition (which is
> only accessible by the OS kernel in most environments) would be a
> simple ring-3 (or equivalent) accessible instruction that writes 32 or
> 64 bits of randomness from a per-core hardware RNG, something like
> 
> ; write 32 bits of entropy from the hardware RNG to eax register
> rdrandom %eax
> 
> Which would allow user applications to access a good hardware RNG
> directly, in addition to allowing the OS to read bits to seed the
> system PRNG (/dev/random, CryptoGenRandom, or similar)

It's not obvious to me that you're right.  In particular, we need to
consider how such an instruction would interact with a virtual machine
hypervisor.  Is it a bug or a feature that the hypervisor can't
intercept the request?  Remember that reproducibility is often a virtue.
> 
> I think the JVM in particular could benefit from such an extension, as
> the abstractions it puts into place otherwise prevent most of the
> methods one might use to gather high-quality entropy for a PRNG seed.
> 
The JVM could just as easily open /dev/urandom today.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list