This is the talk page for discussing improvements to the RDRAND article. This is not a forum for general discussion of the article's subject.
How often is the deterministic generator seeded by the non-deterministic conditioner seeded by the entropy source?
In Ivy Bridge, the entropy source runs at 2.5 Gbps. The conditioning ratio is 2:1, so the seeding data rate is 1.25 Gbps. Each seed is 256 bits. So the DRBG is reseeded at a maximum rate of 4.88 million 256-bit seeds per second. It will not reseed if there have been no RdRand instructions executed since the last reseed, since it will halt for power saving purposes when idle. David in oregon ( talk) 20:21, 15 December 2011 (UTC)
Why is the random number not used directly, but applied as seed to a pseudorandom generator? — Preceding unsigned comment added by 77.191.195.246 ( talk) 13:38, 5 January 2012 (UTC)
The goal here was to create a random number generator that was compliant to published standards (specifically, SP800-90A) for cryptographically secure RNGs, not to create an ideal RNG. John
In addition, the recently announced RdSeed instruction available on future processors will provide ideal random numbers, compliant with the forthcoming SP800-90B & C specification, albeit more slowly than RdRand. RdSeed uses a CS-PRNG for speed and rate matching. 192.55.55.41 ( talk) 21:29, 30 November 2012 (UTC)
It would be nice to add an assembler example that would screen a random number — Preceding unsigned comment added by 2A02:8422:1191:6E00:56E6:FCFF:FEDB:2BBA ( talk) 12:44, 10 February 2013 (UTC)
This criticism is illogical and draws together unrelated facts to draw readers to an incorrect interpretation. It is stated that the Dual_EC_DRBG of SP800-90A is kleptographic, but the other three, including the CTR_DRBG, are uncontroversial. RdRand is known to use the CTR_DRBG algorithm, so the kleptographic nature of the Dual_EC_DRBG is irrelevant to RdRand and it is incorrect to imply that criticism of the Dual_EC_DRBG constitutes criticism of RdRand. — Preceding unsigned comment added by 192.55.54.41 ( talk) 00:18, 4 October 2013 (UTC)
This: "It is impossible for software to tell whether this instruction is actually returning random numbers or whether it has been deliberately subverted, either by Intel, by a malware microcode patch, or by a virtual machine operating system." is not a valid criticism of RdRand. It is true of all instructions. Trust in the hardware platform has to be established by means outside the running software. David in oregon ( talk) 00:32, 4 October 2013 (UTC)
This: "One of the standards it relies on, NIST SP800-90, was led by an NSA employee" needs to be substantiated or deleted. SP800-90 lists Elaine Barker and John Kelsey as authors. To my knowledge they are NIST employees, not NSA employees. David in oregon ( talk) 00:35, 4 October 2013 (UTC)
Should David in oregon be editing this page? He appears to be the designer of the instruction which is the subject of the Wikipedia article. I think this relationship is a little close for maintaining a Wikipedia:Neutral point of view. Gnuish ( talk) 07:12, 5 October 2013 (UTC)
A fair point. Perhaps someone else would care to keep the content objective. It certainly isn't right now. — Preceding unsigned comment added by David in oregon ( talk • contribs) 21:12, 5 October 2013 (UTC)
Bull Mountain is the project name for the RNG that RdRand uses. It is named after Bull Mountain, Oregon. The name was coined sometime between 2008 and 2010. Edward Snowden released details of Bullrun in 2013. Lacking clairvoyance, the names are not causally connected. — Preceding unsigned comment added by David in oregon ( talk • contribs) 22:00, 17 October 2017 (UTC)
The example ASM code does not work under Ubuntu 18.04, NASM version 2.13.02. I guess technically it's still instructive to have the code there, but NASM gives a bunch of errors. Air♠Combat Talk! 21:26, 6 July 2018 (UTC)
Article needs to be updated. This C++ function is from a Qt Creator 4.10.1 project using gcc 9.2.0. [AMD Ryzen]
    quint64 hwRandom::getRandom() {
        quint64 randNum;
        // rdrand sets CF == 1 when the value is valid and CF == 0 when it is not,
        // so loop until a valid value arrives (a bounded retry count is safer).
        // %0 is the output operand: "=r" lets the compiler choose the register,
        // so the instruction must not hard-code rax. The numeric label "1:" is
        // a local label, safe if the compiler inlines this function more than once.
        asm volatile (
            "1: \n"
            "rdrand %0 \n"
            "jnc 1b \n"
            : "=r"(randNum) /* output */
            : /* no inputs */
            : "cc" /* flags are clobbered */
        );
        return randNum;
    }
Hpfeil ( talk) 01:46, 22 October 2019 (UTC)
Why is WolfSSL mentioned under "See Also"? (BTW I've used WolfSSL, I have nothing against it)
- There are 25 other SSL/TLS packages in existence, who put WolfSSL here?
- WolfSSL isn't mentioned or cited anywhere in the main body
- WolfSSL's Wikipedia page doesn't mention RDRAND at all
This smells like shilling, which pains me to say (again, WolfSSL user).
I think WolfSSL should be removed, or we should add in Botan, mBed TLS, MatrixSSL, GnuTLS, etc. — Preceding unsigned comment added by 76.95.209.173 ( talk) 13:43, 29 October 2019 (UTC)
I think some mention should be made of the bugged versions in some AMD devices that may not be fixed unless a revised AGESA is loaded.
https://linuxreviews.org/AMD_Ryzen_3000_series_CPUs_can%27t_do_Random_on_boot_causing_Boot_Failure_on_newer_Linux_distributions — Preceding unsigned comment added by 24.156.255.250 ( talk) 07:34, 30 October 2019 (UTC)
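An added example (not code from the article or from either poster) that combines the carry-flag retry loop from the C++ post above with a sanity check for the stuck-output failure behind the AMD boot problem linked here: early Ryzen 3000 firmware returned an all-ones value with CF set, so a caller that only checks CF accepts garbage. The hardware step assumes GCC/Clang inline assembly on x86-64; the fake step functions are constructed stand-ins so the retry and rejection policy can be exercised without the instruction.

```c
#include <stdint.h>

/* One RDRAND attempt: stores a value and returns 1 when CF=1, returns 0 when
   CF=0 (no data ready). Hardware path, x86-64 only; callers must first confirm
   CPUID.01H:ECX bit 30 (RDRAND) is set, or the instruction raises #UD. */
#if defined(__x86_64__)
int rdrand64_hw_step(uint64_t *out) {
    unsigned char cf;
    __asm__ volatile ("rdrand %0\n\tsetc %1" : "=r"(*out), "=q"(cf) : : "cc");
    return cf;
}
#endif

typedef int (*rdrand_step_fn)(uint64_t *out);

#define RDRAND_RETRIES 10  /* Intel's DRNG guide suggests up to 10 retries on CF=0 */

/* Returns 0 with a value in *out, or -1 if no acceptable value was produced.
   CF=0 means "try again". CF=1 with an all-ones or all-zeros value is treated
   as a stuck generator (the failure mode of the Ryzen 3000 boot bug) and is
   rejected instead of being handed to the caller as randomness. */
int rdrand64_checked(rdrand_step_fn step, uint64_t *out) {
    for (int i = 0; i < RDRAND_RETRIES; i++) {
        uint64_t v = 0;
        if (!step(&v)) continue;                  /* CF=0: hardware busy */
        if (v == UINT64_MAX || v == 0) continue;  /* stuck output: distrust */
        *out = v;
        return 0;
    }
    return -1;
}

/* Constructed stand-ins for the hardware step (not real RDRAND behaviour):
   a generator stuck at all-ones with CF=1, one that never has data (CF=0),
   and one that is busy twice and then delivers a value. */
int fake_stuck_ones_step(uint64_t *out) { *out = UINT64_MAX; return 1; }
int fake_busy_step(uint64_t *out) { (void)out; return 0; }
int fake_busy_then_good_step(uint64_t *out) {
    static int calls = 0;
    if (++calls <= 2) return 0;        /* first two attempts: CF=0 */
    *out = 0x1234567890ABCDEFULL;      /* constructed sample value */
    return 1;
}
```

On real hardware call `rdrand64_checked(rdrand64_hw_step, &v)`; a -1 result means the generator should be distrusted and another entropy source used rather than falling back to the raw value.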
I've moved this article to RDRAND, per the naming convention of other similar articles on x86 instructions (see Category:x86 instructions for the others), and compatibility with Intel's own documentation. -- The Anome ( talk) 10:09, 30 October 2019 (UTC)