On Sun, 28 Dec 2008 23:49:06 -0500 Jack Lloyd <[email protected]> wrote:
> On Sun, Dec 28, 2008 at 08:12:09PM -0500, Perry E. Metzger wrote:
> >
> > Semiconductor laser based RNG with rates in the gigabits per second.
> >
> > http://www.physorg.com/news148660964.html
> >
> > My take: neat, but not as important as simply including a decent
> > hardware RNG (even a slow one) in all PC chipsets would be.

Of course, every time a manufacturer has tried it, assorted people
(including many on this list) complain that it's been sabotaged by the
NSA or by alien space bats or some such.

> I've been thinking that much better than a chipset addition (which is
> only accessible by the OS kernel in most environments) would be a
> simple ring-3 (or equivalent) accessible instruction that writes 32 or
> 64 bits of randomness from a per-core hardware RNG, something like
>
> ; write 32 bits of entropy from the hardware RNG to eax register
> rdrandom %eax
>
> Which would allow user applications to access a good hardware RNG
> directly, in addition to allowing the OS to read bits to seed the
> system PRNG (/dev/random, CryptoGenRandom, or similar)

It's not obvious to me that you're right. In particular, we need to
consider how such an instruction would interact with a virtual machine
hypervisor. Is it a bug or a feature that the hypervisor can't
intercept the request? Remember that reproducibility is often a virtue.

> I think the JVM in particular could benefit from such an extension, as
> the abstractions it puts into place otherwise prevent most of the
> methods one might use to gather high-quality entropy for a PRNG seed.

The JVM could just as easily open /dev/urandom today.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
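The ring-3 instruction proposed in the quoted message, and the /dev/urandom alternative Bellovin points to, as an added example that is not part of the thread and not anyone's posted code. It shows the shape such an instruction took when it later shipped on x86 as RDRAND, with the checks a caller needs: CPUID feature detection (the bit a hypervisor can mask from a guest), the retry loop for the "no data ready" case signalled in the carry flag, and a fallback to the kernel pool. It assumes GCC or Clang on x86 (for the inline asm and `<cpuid.h>`) and a POSIX system with /dev/urandom; on other architectures it compiles to the kernel-pool path only. The function names, the 10-retry limit and the `rng_source` enum are this example's own choices.

```c
/* Added example, not code from the thread. User-space access to a hardware
 * RNG instruction (RDRAND on x86) with feature detection and retry, falling
 * back to the kernel pool when the instruction is absent or masked. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum rng_source { RNG_NONE = 0, RNG_HW = 1, RNG_KERNEL = 2 };

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>

/* CPUID.01H:ECX bit 30 advertises RDRAND. A hypervisor that filters CPUID
 * results can hide the instruction from a guest this way. */
static int hw_rng_available(void)
{
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ecx & (1u << 30)) != 0;
}

/* One RDRAND attempt. Success is reported in the carry flag; CF clear
 * means the DRNG had nothing ready and the caller must retry. */
static int hw_rng_step(uint32_t *out)
{
    uint32_t val;
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1"
                     : "=r"(val), "=qm"(ok)
                     :
                     : "cc");
    *out = val;
    return ok;
}
#else
/* Non-x86 build: no such instruction, always use the kernel pool. */
static int hw_rng_available(void) { return 0; }
static int hw_rng_step(uint32_t *out) { (void)out; return 0; }
#endif

/* Fill buf[0..len) with random bytes. Tries the hardware instruction first,
 * retrying each 32-bit word up to 10 times (Intel's published guidance for
 * RDRAND), then /dev/urandom. Reports the source used in *src (may be NULL).
 * Returns 1 on success, 0 if neither source could supply the bytes. */
int get_random_bytes(uint8_t *buf, size_t len, enum rng_source *src)
{
    enum rng_source used = RNG_NONE;

    if (hw_rng_available()) {
        size_t done = 0;
        while (done < len) {
            uint32_t w = 0;
            int tries;
            for (tries = 0; tries < 10; tries++)
                if (hw_rng_step(&w))
                    break;
            if (tries == 10)
                break;                      /* DRNG exhausted: fall back */
            size_t n = (len - done < 4) ? len - done : 4;
            memcpy(buf + done, &w, n);
            done += n;
        }
        if (done == len)
            used = RNG_HW;
    }

    if (used == RNG_NONE) {                 /* kernel pool, as the JVM could use today */
        FILE *f = fopen("/dev/urandom", "rb");
        if (f) {
            size_t got = fread(buf, 1, len, f);
            fclose(f);
            if (got == len)
                used = RNG_KERNEL;
        }
    }

    if (src)
        *src = used;
    return used != RNG_NONE;
}

/* Self-check: two independent 16-byte draws must both succeed and differ.
 * Returns 1 if so, else 0. */
int rng_self_check(void)
{
    uint8_t a[16], b[16];
    enum rng_source s1, s2;
    if (!get_random_bytes(a, sizeof a, &s1) || !get_random_bytes(b, sizeof b, &s2))
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    uint8_t buf[8];
    enum rng_source src;
    if (!get_random_bytes(buf, sizeof buf, &src)) {
        fputs("no random source available\n", stderr);
        return 1;
    }
    printf("source=%s bytes=", src == RNG_HW ? "rdrand" : "/dev/urandom");
    for (size_t i = 0; i < sizeof buf; i++)
        printf("%02x", buf[i]);
    putchar('\n');
    return 0;
}
```

Two points the code makes concrete. First, the instruction itself executes without a trap, but the guest only learns of it through CPUID, so a hypervisor that wants deterministic, reproducible guests can simply clear the feature bit and leave the guest on its /dev/urandom path; that is one answer to the bug-or-feature question above. Second, the retry loop is not optional: a DRNG that is temporarily drained returns CF clear with an undefined register value, and code that ignores the flag will happily use it.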
