[Cryptography] A TRNG review per day: RDRAND and the right TRNG architecture

Tom Shrimpton teshrim at pdx.edu
Mon Oct 27 11:11:36 EDT 2014

On 10/26/14 7:10 PM, David Leon Gil wrote:
> I thought that the whitening design had been published? They're using
> CTR-DRBG instantiated with AES-128. (This, in itself, is probably all
> the NSA could want; the security strength of that construction is
> rather low.)
> Here's the paper:
> http://www.cryptography.com/public/pdf/Intel_TRNG_Report_20120312.pdf

For additional analysis, along the lines of what was recently
done by Dodis et al. for /dev/random and /dev/urandom, you might find
"A Provable Security Analysis of Intel's Secure Key RNG"
(http://eprint.iacr.org/2014/504) interesting.
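The construction David's message refers to, SP 800-90A's CTR_DRBG instantiated with AES-128, written out as an added example (this is not code from either message, from the Cryptography Research report, or from Intel's design). It assumes the variant without a derivation function, which expects full-entropy seed material such as a conditioner would supply; whether that matches Intel's actual parameters is for the quoted report to say. The reseed interval of 2^48 requests and the 2^19-bit per-request cap are the maxima SP 800-90A allows for CTR_DRBG, and the fixed entropy input in main is constructed for illustration only.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"errors"
	"fmt"
)

// CTR_DRBG parameters for AES-128 (SP 800-90A Table 3):
// keylen = 128 bits, outlen = 128 bits, seedlen = keylen + outlen = 256 bits.
const (
	keyLen         = 16
	blockLen       = 16
	seedLen        = keyLen + blockLen
	reseedInterval = 1 << 48 // maximum SP 800-90A permits for CTR_DRBG
	maxBytesPerReq = 1 << 16 // 2^19 bits, the per-request maximum
)

var ErrReseedRequired = errors.New("ctr_drbg: reseed required")

// CtrDRBG is an SP 800-90A CTR_DRBG over AES-128 without a derivation function
// (assumption of this example: the entropy input is already full-entropy).
type CtrDRBG struct {
	key           [keyLen]byte
	v             [blockLen]byte
	reseedCounter uint64
}

// incV increments the 128-bit counter V modulo 2^128, big-endian.
func (d *CtrDRBG) incV() {
	for i := blockLen - 1; i >= 0; i-- {
		d.v[i]++
		if d.v[i] != 0 {
			return
		}
	}
}

// update is CTR_DRBG_Update: seedlen bytes of AES-CTR keystream under the current
// Key, XORed with providedData (exactly seedlen bytes), become the new Key || V.
func (d *CtrDRBG) update(providedData []byte) {
	blk, err := aes.NewCipher(d.key[:])
	if err != nil {
		panic(err) // key length is fixed at 16 bytes, so this cannot fail
	}
	temp := make([]byte, 0, seedLen)
	for len(temp) < seedLen {
		d.incV()
		out := make([]byte, blockLen)
		blk.Encrypt(out, d.v[:])
		temp = append(temp, out...)
	}
	for i := range temp {
		temp[i] ^= providedData[i]
	}
	copy(d.key[:], temp[:keyLen])
	copy(d.v[:], temp[keyLen:])
}

// padSeed right-pads an optional input with zeros to seedlen bytes.
func padSeed(in []byte) ([]byte, error) {
	if len(in) > seedLen {
		return nil, errors.New("ctr_drbg: input longer than seedlen")
	}
	out := make([]byte, seedLen)
	copy(out, in)
	return out, nil
}

// NewCtrDRBG is CTR_DRBG_Instantiate without df: seed_material = entropy_input XOR
// padded personalization string; Key = V = 0; Update(seed_material); counter = 1.
func NewCtrDRBG(entropyInput, personalization []byte) (*CtrDRBG, error) {
	if len(entropyInput) != seedLen {
		return nil, errors.New("ctr_drbg: entropy input must be exactly seedlen bytes")
	}
	pers, err := padSeed(personalization)
	if err != nil {
		return nil, err
	}
	seed := make([]byte, seedLen)
	for i := range seed {
		seed[i] = entropyInput[i] ^ pers[i]
	}
	d := &CtrDRBG{}
	d.update(seed)
	d.reseedCounter = 1
	return d, nil
}

// Generate is CTR_DRBG_Generate: refuse once the reseed interval is exceeded, mix in
// any additional input, emit n bytes of AES-CTR keystream, then Update again so that
// a later state compromise does not reveal this output (backtracking resistance).
func (d *CtrDRBG) Generate(n int, additionalInput []byte) ([]byte, error) {
	if d.reseedCounter > reseedInterval {
		return nil, ErrReseedRequired
	}
	if n > maxBytesPerReq {
		return nil, errors.New("ctr_drbg: request exceeds max_number_of_bits_per_request")
	}
	addl, err := padSeed(additionalInput)
	if err != nil {
		return nil, err
	}
	if len(additionalInput) > 0 {
		d.update(addl)
	}
	blk, _ := aes.NewCipher(d.key[:])
	out := make([]byte, 0, n+blockLen)
	for len(out) < n {
		d.incV()
		tmp := make([]byte, blockLen)
		blk.Encrypt(tmp, d.v[:])
		out = append(out, tmp...)
	}
	d.update(addl) // the same (possibly zero) additional input, per the spec
	d.reseedCounter++
	return out[:n], nil
}

func main() {
	// Constructed entropy input for illustration; a real instance takes seedlen bytes
	// from the conditioned noise source instead.
	d, err := NewCtrDRBG(bytes.Repeat([]byte{0x42}, seedLen), []byte("example"))
	if err != nil {
		panic(err)
	}
	out, _ := d.Generate(32, nil)
	fmt.Printf("%x\n", out)
}
```

Note that the 128-bit key is what bounds the construction's security strength: nothing in the Update/Generate loop changes that, which is the point the quoted message is making about AES-128 as the block cipher.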


