2

I read that Intel Ivy Bridge processors provide an RNG (RdRand). But how do I use this?

My CPU E3-1270v2 does not provide an RNG flag.

```
flags       : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms
```

Also, in /dev, there is no hwrng or hw_random.

```
aac0%                loop5#               ram14#               stdout@              tty34%               tty62%
block/               loop6#               ram15#               systty@              tty35%               tty63%
bsg/                 loop7#               ram2#                tty%                 tty36%               tty7%
bus/                 lp0%                 ram3#                tty0%                tty37%               tty8%
cdrom@               lp1%                 ram4#                tty1%                tty38%               tty9%
char/                lp2%                 ram5#                tty10%               tty39%               ttyS0%
console%             lp3%                 ram6#                tty11%               tty4%                ttyS1%
core@                MAKEDEV@             ram7#                tty12%               tty40%               ttyS2%
cpu/                 mapper/              ram8#                tty13%               tty41%               ttyS3%
cpu_dma_latency%     mcelog%              ram9#                tty14%               tty42%               urandom%
crash%               mem%                 random%              tty15%               tty43%               usbmon0%
disk/                net/                 raw/                 tty16%               tty44%               usbmon1%
dvd@                 network_latency%     root@                tty17%               tty45%               usbmon2%
fb@                  network_throughput%  rtc@                 tty18%               tty46%               vcs%
fb0%                 null%                rtc0%                tty19%               tty47%               vcs1%
fd@                  nvram%               scd0@                tty2%                tty48%               vcs2%
full%                oldmem%              sda#                 tty20%               tty49%               vcs3%
fuse%                port%                sda1#                tty21%               tty5%                vcs4%
hidraw0%             ppp%                 sda2#                tty22%               tty50%               vcs5%
hidraw1%             ptmx%                sda3#                tty23%               tty51%               vcs6%
hpet%                ptp0%                sg0%                 tty24%               tty52%               vcsa%
hugepages/           ptp1%                sg1%                 tty25%               tty53%               vcsa1%
hvc0%                ptp2%                sg2%                 tty26%               tty54%               vcsa2%
input/               ptp3%                sg3%                 tty27%               tty55%               vcsa3%
kmsg%                pts/                 sg4%                 tty28%               tty56%               vcsa4%
log=                 ram0#                sg5%                 tty29%               tty57%               vcsa5%
loop0#               ram1#                shm/                 tty3%                tty58%               vcsa6%
loop1#               ram10#               snapshot%            tty30%               tty59%               vga_arbiter%
loop2#               ram11#               sr0#                 tty31%               tty6%                watchdog%
loop3#               ram12#               stderr@              tty32%               tty60%               zero%
loop4#               ram13#               stdin@               tty33%               tty61%
```

So, how do I use Intel's RNG feed?

user1091344

2 Answers

2

If the processor supports RdRand, it should automatically feed it into /dev/random. However, even if Intel claims "Ivy Bridge supports RdRand", it might not be true for certain previous Ivy Bridge models. More info here:

http://en.wikipedia.org/wiki/RdRand

So an answer to your question: Use /dev/random as you normally would. If RdRand is supported, you should be able to get far more random data than without RdRand.

sebastian nielsen
  • Thanks. So I have no direct access to Intel's RNG data? My problem is that the entropy for /dev/random is always around 150, so I thought it is not working. Can I somehow check whether it is working or not? – user1091344 Oct 19 '14 at 14:55
  • "entropy"? Do you mean the amount of bytes you can get at once? /dev/random will always be "full"; it's just the refill rate that gets higher if you have more random sources in your system. The problem with testing whether it works is that the CPU processor speed can affect the refill rate too, so you do not have any clear-cut way to check if RdRand is working. – sebastian nielsen Oct 19 '14 at 15:01
  • 2
    @user1091344 [Use `/dev/urandom` instead of `/dev/random`](https://security.stackexchange.com/questions/3936/is-a-rand-from-dev-urandom-secure-for-a-login-key/3939#3939). – Gilles 'SO- stop being evil' Oct 20 '14 at 07:02
  • @Gilles, but I should not use /dev/urandom for key generation? – user1091344 Oct 20 '14 at 18:40
  • @user1091344 [`/dev/urandom` is fine for key generation](https://security.stackexchange.com/questions/3936/is-a-rand-from-dev-urandom-secure-for-a-login-key/3939#3939). Please read the answer that I linked. – Gilles 'SO- stop being evil' Oct 21 '14 at 16:43
  • I thought Theodore Ts'o said he did not use `RdRand` in `/dev/random` http://en.wikipedia.org/wiki/RdRand#Reception – Z boson Oct 21 '14 at 19:14
  • 1
    No. What he said is that he is not going to use RdRand ONLY in /dev/random generation. Rather, they add the RdRand data like other sources. FreeBSD also runs the data through Yarrow as an additional precaution. Thus RdRand does improve /dev/random, but if RdRand were compromised, it would not result in anything more than /dev/random becoming a /dev/random without RdRand for the person who compromised RdRand. Thus protecting against any "backdoors" in RdRand. – sebastian nielsen Oct 22 '14 at 07:07
  • @sebastiannielsen, oh I see, thanks for the clarification. I missed the word only in "I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction". – Z boson Oct 22 '14 at 16:48
0

What can happen on a newly booted system is that the entropy count will be low. You can see how much is available like this:

```
# sysctl kernel.random.entropy_avail
```

Have a look at: rngd

This will help get your entropy levels up.

  • 1
    I think I understand it now. rdrand is a CPU instruction, and rngd calls this CPU instruction and feeds it into /dev/random. That's the reason I cannot find it in /dev and it is not working... – user1091344 Oct 20 '14 at 15:39
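
Reading the instruction directly and checking that it answers, which the comments under the first answer ask about, as an added example that is not part of the original thread. It assumes GCC or Clang on x86 (`<cpuid.h>` and inline assembly); the function names and the retry constant are this example's own.

```c
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define ON_X86 1
#else
#define ON_X86 0
#endif
#define RDRAND_RETRIES 10 /* retry limit from Intel's DRNG software guide */

/* CPUID leaf 1, ECX bit 30: the bit Linux reports as the "rdrand" flag. */
int cpu_has_rdrand(void) {
#if ON_X86
    unsigned int a, b, c, d;
    return __get_cpuid(1, &a, &b, &c, &d) ? (int)((c >> 30) & 1u) : 0;
#else
    return 0;
#endif
}

/* One register-sized draw: 1 on success, 0 if unsupported or CF never set. */
int rdrand_word(unsigned long *out) {
#if ON_X86
    if (!cpu_has_rdrand()) return 0; /* RDRAND would fault with #UD */
    for (int i = 0; i < RDRAND_RETRIES; i++) {
        unsigned long v; unsigned char ok;
        __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(v), "=qm"(ok) : : "cc");
        if (ok) { *out = v; return 1; } /* CF=1 means v holds valid data */
    }
#endif
    (void)out;
    return 0;
}

/* Fill buf from RDRAND; returns bytes written (short if the DRNG gave up). */
size_t rdrand_fill(unsigned char *buf, size_t len) {
    size_t done = 0;
    unsigned long w;
    while (done < len && rdrand_word(&w)) {
        size_t n = (len - done < sizeof w) ? len - done : sizeof w;
        memcpy(buf + done, &w, n);
        done += n;
    }
    return done;
}

int main(void) {
    unsigned char buf[16];
    size_t n = rdrand_fill(buf, sizeof buf);
    printf("rdrand flag: %d, bytes from RDRAND: %zu\n", cpu_has_rdrand(), n);
    return n == sizeof buf ? 0 : 1;
}
```

A zero exit status means CPUID advertises RDRAND and the instruction returned valid data. For key generation keep reading `/dev/urandom`, as the comments above recommend.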