Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 17 from 4 users
Re: How can you verify the randomness that's coming from a hardware?
by
ETFbitcoin
on 30/10/2022, 10:01:27 UTC
⭐ Merited by Welsh (6) ,o_e_l_e_o (4) ,BlackHatCoiner (4) ,vapourminer (3)
Quote from: larry_vw_1955 on Today at 01:34:52 AM
ok in no way am I an expert on computer cpu architecture but that article is from 2016. 8 years ago. maybe things have changed since then. with new cpus that intel put out. at this point we are talking about 8+ year old cpus. maybe it's time to upgrade if someone has concerns about the safety of their computing platform.

Nothing changed since then. It's still exist on most Intel CPU (12th gen Alder Lake). It's explicitly mentioned on their product brief[1].


Quote from: larry_vw_1955 on Today at 01:34:52 AM
Quote
Keep in mind it's not just about backdoors; RNGs can also simply be implemented badly, which would be hard to test / identify.
Intel has provided documentation about how their RDRAND and RDSEED work. Believe it or not. Trust it or not. But they provided the docs.

Let's see their documentation[6].

Quote from: https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digital-random-number-generator-drng-software-implementation-guide.html
RDRAND retrieves a hardware-generated random value from the SP800-90A compliant DRGB and

Quote from: https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digital-random-number-generator-drng-software-implementation-guide.html
RDSEED retrieves a hardware-generated random seed value from the SP800-90B and

Both of them are standard from NIST[2-3]. Based on leak by Edward Snowden, NSA influence NIST to make weaker standard[4] and it's been predicted by expert since 2007[5].

[1] https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digital-random-number-generator-drng-software-implementation-guide.html
[2] https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final
[3] https://csrc.nist.gov/publications/detail/sp/800-90b/final
[4] https://web.archive.org/web/20130910030443/http://fcw.com/Articles/2013/09/06/NSA-NIST-standards.aspx
[5] https://archive.ph/20120919094854/http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115
[6] https://www.intel.com/content/www/us/en/products/docs/processors/embedded/12th-gen-iot-desktop-processors-brief.html][url]https://www.intel.com/content/www/us/en/products/docs/processors/embedded/12th-gen-iot-desktop-processors-brief.html[/url]