flat assembler
Message board for the users of flat assembler.

Index > Main > Intel has added a new instruction (RDRAND) Kewl !

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
DOS386



Joined: 08 Dec 2006
Posts: 1900
DOS386 21 Aug 2011, 15:38
> But before that new instruction, programmers had to work with rdtsc only?

YES. And before RDTSC they had this technology: http://xkcd.com/221/
Post 21 Aug 2011, 15:38
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 21 Aug 2011, 16:00
DOS386 wrote:
> But before that new instruction, programmers had to work with rdtsc only?

YES. And before RDTSC they had this technology: http://xkcd.com/221/
NO. Both Intel and AMD have had some chipsets with built-in RNGs severral years ago. And even without such functionality, operating system built-in PRNGs have collected 'noise' in several different ways.

If you use a decent PRNG, you might be able to get away with seeding it fromt RDTSC... but using RDTSC *in* the PRNG? Doesn't seem like a good idea, as it's a sequentially increasing number.

_________________
Image - carpe noctem
Post 21 Aug 2011, 16:00
View user's profile Send private message Visit poster's website Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1900
DOS386 21 Aug 2011, 16:11
You can pick randomness from keystokes, mouse movements, HD, BIOS clock, RDTSC, temperature sensors, audio input, ...
Post 21 Aug 2011, 16:11
View user's profile Send private message Reply with quote
emc



Joined: 20 Aug 2011
Posts: 90
Location: France
emc 21 Aug 2011, 16:35
I perceive, thanks for these informations!
Post 21 Aug 2011, 16:35
View user's profile Send private message Reply with quote
AsmGuru62



Joined: 28 Jan 2004
Posts: 1619
Location: Toronto, Canada
AsmGuru62 22 Aug 2011, 13:13
There are also these RNGs:

http://en.wikipedia.org/wiki/Xorshift
http://en.wikipedia.org/wiki/Mersenne_twister

I tested these for my STAR TREK clone - excellent generators.
Post 22 Aug 2011, 13:13
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20304
Location: In your JS exploiting you and your system
revolution 22 Aug 2011, 13:19
I think you mean PRNGs. Wink
Post 22 Aug 2011, 13:19
View user's profile Send private message Visit poster's website Reply with quote
AsmGuru62



Joined: 28 Jan 2004
Posts: 1619
Location: Toronto, Canada
AsmGuru62 22 Aug 2011, 16:32
Yes, but as I said - tests will not show the difference between the REAL generator and PSEUDO one.
Post 22 Aug 2011, 16:32
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20304
Location: In your JS exploiting you and your system
revolution 22 Aug 2011, 16:40
AsmGuru62 wrote:
Yes, but as I said - tests will not show the difference between the REAL generator and PSEUDO one.
That depends upon which tests you perform. But this point about passing various tests is mostly moot. The main problems with P vs non-P RNGs is (1) the potential for repeatability (whether desired or not) and (2) the possibility of state information leakage. Whether or not a PRNG can successfully pass every conceivable RNG test cannot change the above two points.
Post 22 Aug 2011, 16:40
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20304
Location: In your JS exploiting you and your system
revolution 02 Sep 2011, 00:42
Interesting article about the all-digital generator Intel use.

http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0
Quote:
Our previous analog random-number generator was able to produce only a few hundred kilobits of random numbers a second, whereas our new generator spins them out at a rate of around 3 gigabits per second.
Post 02 Sep 2011, 00:42
View user's profile Send private message Visit poster's website Reply with quote
MCD



Joined: 21 Aug 2004
Posts: 602
Location: Germany
MCD 15 Dec 2011, 01:02
Here is the problem with a real random number instruction:

How can you check that the instruction delivers real physical random numbers, and not simply a TSC-seeded PRNG value? Especially on a chip where you neither know the layout nor can verify its implementation. After all, you can't say "that result shouldn't happen according to that input", since every output is as likely to occur as any other.

On the other hand, maybe the instruction was not intended to be used as a cryptographically secure hardware random number generator, or was it?
Post 15 Dec 2011, 01:02
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20304
Location: In your JS exploiting you and your system
revolution 15 Dec 2011, 01:19
MCD wrote:
How can you check that the instruction delivers real physical random numbers, and not simply a TSC-seeded PRNG value?
You probably can't check that sort of thing reliably. But generally things like this can be detected with statistical tests of varying complexity. In theory a suitably fast and powerful computer could prove, or disprove, if the output is a standard PRNG, but in practice we are nowhere near this stage yet. Generating real random numbers will future proof your system from later attacks.
MCD wrote:
On the other hand, maybe the instruction was not intended to be used as a cryptographically secure hardware random number generator, or was it?
I expect it is intended to be used for cryptographically secure needs. Else why go to all the trouble to develop it if you only get standard PRNG stuff produced by existing computer algorithm?
Post 15 Dec 2011, 01:19
View user's profile Send private message Visit poster's website Reply with quote
Matrix



Joined: 04 Sep 2004
Posts: 1166
Location: Overflow
Matrix 02 Feb 2012, 21:18
ahah i did something similar now for amd64, getting random numbers at speeds limited by memory write performance
Post 02 Feb 2012, 21:18
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 02 Feb 2012, 21:22
Matrix wrote:
ahah i did something similar now for amd64, getting random numbers at speeds limited by memory write performance
Sounds like something fragile & hacky? Smile

_________________
Image - carpe noctem
Post 02 Feb 2012, 21:22
View user's profile Send private message Visit poster's website Reply with quote
Matrix



Joined: 04 Sep 2004
Posts: 1166
Location: Overflow
Matrix 02 Feb 2012, 21:34
f0dder wrote:
Matrix wrote:
ahah i did something similar now for amd64, getting random numbers at speeds limited by memory write performance
Sounds like something fragile & hacky? Smile


that was fast Wink

i'll post details, but now i'm kind of busy
Post 02 Feb 2012, 21:34
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 02 Feb 2012, 21:41
Does it involve using special chipset features? (Some AMD (and Intel, for that matter) chipsets have had hardware rngs), or does it involve read/writing arbitrary memory regions that don't have physical memory backing? Smile
Post 02 Feb 2012, 21:41
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4330
Location: Now
edfed 06 Feb 2012, 08:29
no need of rdtsc to generate prng at all.
prng just generate a sequence of bits for a given seed. change the seed, you have a different sequence.
Post 06 Feb 2012, 08:29
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.