flat assembler
Message board for the users of flat assembler.
Index
> Windows > How to generate random numbers? Goto page Previous 1, 2, 3 Next |
Author |
|
AsmGuru62 28 May 2022, 22:41
If it is hardware generated -- why does it need RDSEED?
|
|||
28 May 2022, 22:41 |
|
bitRAKE 29 May 2022, 00:46
The purpose of RDSEED is to get a value for a wider/faster software generator.
(It doesn't seem weird to anyone else that this instruction links all the cores together - for random data?) _________________ ¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup |
|||
29 May 2022, 00:46 |
|
AsmGuru62 29 May 2022, 01:20
Once, long ago (end of 80s) I was involved in something like this:
https://www.spiedigitallibrary.org/conference-proceedings-of-spie/11022/2522433/Robust-random-number-generator-based-on-field-effect-transistor/10.1117/12.2522433.short?SSO=1 Not sure if our device was exactly on the same principle, that described in the link. But it would start generating as soon as power is on. No seeds of any kind -- truly random. I was writing a self test routine for it. It was fun! I think that this instruction does not do something like that. If it wants a seed, then it is pseudo-random. |
|||
29 May 2022, 01:20 |
|
revolution 29 May 2022, 01:32
Intel states that rdrand is a PRNG with a "special" circuit for seeding.
And therein lies the problem. They never publish the seeds, or the method of seeding. So there is no way to verify the seed is really random. It might be using an LCG with period 2^60. Impossible for anyone not aware of the internals to reverse, but "easy" for the NSA to spin through all 2^60 seeds to find the one you used to generate your LUKS key. Last edited by revolution on 29 May 2022, 06:29; edited 1 time in total |
|||
29 May 2022, 01:32 |
|
bitRAKE 29 May 2022, 02:09
I'm not seeing many random bit generators in the GHz range (excluding optical/laser methods). Most of them feed random bits into a wider algorithmic hardware generator - like Intel's design.
RDRAND & RDSEED performance is drastically different between Intel/AMD. They are clearly doing completely different things under the hood. I would argue that RDSEED should be slow. The nature of the instruction is such that the intent is strictly for initialization of software techniques. Whereas RDRAND is intended as a PRNG on it's own. AMD's timings bear this out. Neither is a replacement for software methods. _________________ ¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup |
|||
29 May 2022, 02:09 |
|
Ali.Z 29 May 2022, 14:18
I use Park-Miller PRNG.
_________________ Asm For Wise Humans |
|||
29 May 2022, 14:18 |
|
revolution 29 May 2022, 14:57
Ali.Z wrote: I use Park-Miller PRNG. Quote: The Lehmer random number generator (named after D. H. Lehmer), sometimes also referred to as the Park–Miller random number generator (after Stephen K. Park and Keith W. Miller), is a type of linear congruential generator (LCG) that operates in multiplicative group of integers modulo n. |
|||
29 May 2022, 14:57 |
|
Overclick 29 May 2022, 15:13
Quote:
Is it big deal to modify the result at your own? Who know what did you made with it? Shift bits for example, replace bytes, etc |
|||
29 May 2022, 15:13 |
|
revolution 29 May 2022, 15:26
Overclick wrote:
Many libraries will mix in seeding data from rdrand/rdseed but they won't adjust the entropy value to indicate it made things better. The mistrust runs deep in the security folk. And rightly so. Too many times it has been shown how large corps have introduced intentional backdoors. |
|||
29 May 2022, 15:26 |
|
Overclick 30 May 2022, 11:37
Quote:
You are assembly programmer, how can you believe those conspiracy theories? 1) You have to manage the result of random anyway, I mean size, symbols,markers. Especially where used for security purpose like random security keys. It never ready to use, it have to be prepared and only god knows how exactly you wish to do it. 2) How they develop hardware even if it can be patched? By years? Years of developing to finally guess what exactly OS, security protocols and purpose of use is? What if I use that random to switch a snow on my screen? Who or what AI have to analyse that tons of useless data? Is all of that POWER just wasting my processor space or it sends the data by somehow by hack my unknown OS its drivers and its network settings? WOW... 3) Concurrency? F..k it, we need more space for our conspiracy logic. I did read that conspiracy theories too. Its funny, nothing else. |
|||
30 May 2022, 11:37 |
|
revolution 30 May 2022, 11:58
Overclick wrote: ... conspiracy theories too. Its funny, nothing else. NSA paid RSA Security $10 million in a secret deal to use Dual_EC_DRBG as the default in the RSA BSAFE cryptography library, which resulted in RSA Security becoming the most important distributor of the insecure algorithm. |
|||
30 May 2022, 11:58 |
|
Overclick 30 May 2022, 16:13
Cryptography library is most funny think in modern world. Who use it? Those guys just know nothing about programming that why they need to trust somebody for their protection. They use it as it is and hope nobody rob them. Similar to use cracked soft and hope there is no trojan on it.
But back to CPU instruction, it is absolute different thing. You don't ask CPU to create some trusted keys or crypt your secrets. It just provide some sort of random trash you have to configure for own purpose. |
|||
30 May 2022, 16:13 |
|
revolution 30 May 2022, 16:51
Overclick wrote: But back to CPU instruction, it is absolute different thing. You don't ask CPU to create some trusted keys or crypt your secrets. It just provide some sort of random trash you have to configure for own purpose. The only possible solution is to use real random data that can be trusted. Since rdrand has secret internal components that Intel/AMD won't reveal then they are automatically not trusted. Intel/AMD might be creating real true randomness, but no one can verify it so it might as well not exist in the cryptographers mind. It's just the way they do things. You get caught with your pants down once, and you learn to lock the door next time. |
|||
30 May 2022, 16:51 |
|
Overclick 30 May 2022, 18:00
Cryptography doesn't need randomisation at all. It needs algorithm to convert something to and back. You may create the random key or not, it is up to you. You have to save it anyway. And why do you believe the key is leak by CPU directly? Why you use the key as some solid block or trust some libraries for processing? You want to be caught with pants down?
But, back to Randomiser, we talk about random numbers. Pure numbers, provided by CPU for unknown purpose. And I don't see ANY risks of that. But you talk about long chain of conspiracy, too long: 1) Prepare the cryptography soft by one side. Exact step by step for triggered instruction. 2) Prepare instruction inside CPU by dealing with huge corporacy (intel/amd/both) That instruction have to understand all of that steps at (1). Step left or step right and all conspiracy plan is wasted ))) The question: why plan (1) cannot completely do all dirty job? Why it needs that big preparation? Usually it does, as happen in your example. |
|||
30 May 2022, 18:00 |
|
revolution 30 May 2022, 18:32
The bedrock of cryptography is having good random numbers. So to say it isn't necessary is really bad. Without randomness cryptography isn't possible. All you end up with is encoding and transformations, and no security.
Anyhow, up to you if you are okay to use rdrand without reservation. For many non-cryptographic purposes it will be fine. I choose to trust open libraries that don't hide things, over implementations that have hidden secrets that can't be verified. Claims about security without proof are worthless. Intel;s claims about their super-uber-rdrand are also worthless. No serious cryptography expert accepts such claims without proof. Amateurs shouldn't dismiss the experts so easily IMO. Experts know what they are talking about more than everyone else, that's why they are the experts. |
|||
30 May 2022, 18:32 |
|
Overclick 30 May 2022, 19:54
Quote:
You did not answered. Conspiracy theories doesn't make them experts. Quote:
What is problem to have it from rdrand? What if someone break the algorithm they declared to use to take random numbers from rdrand? How blind cpu will react on that? Analyse full code? No way man, it is impossible at all. As I said (1) and (2) have to work in one team for that bloody plan, prepare for exact OS and config. How much it cost? And as I said there is no need for (2). (1) can do all of the job. If you trust them to make the key, then what is matter how they rob you next? CPU developed for years and soft can get changes everyday. How you believe they manage it? (2) cannot work alone. For example: 'secret government' expect you get random bytes one by one but you did not. You skip some, shift or any else mixing operations == PLAN WASTED |
|||
30 May 2022, 19:54 |
|
Furs 31 May 2022, 12:54
revolution wrote: The bedrock of cryptography is having good random numbers. So to say it isn't necessary is really bad. Without randomness cryptography isn't possible. All you end up with is encoding and transformations, and no security. You think "mixing bits" is not secure but an open library doing just that is, because...? Hardware-assisted seeds (with hardware sources) are always possibly more random than anything else you can do. But sure, just mix rdrand with something else, XOR it or whatever. Can't do harm since they're supposedly uncorrelated (if they're correlated, you have bigger issues, because your source is the same as rdrand). |
|||
31 May 2022, 12:54 |
|
revolution 31 May 2022, 13:01
Random generators of bits don't appear in the source code. They are random, that's the point. Each time you run to code it works with different values from the generator.
If the RNG is some hardware component, or some external component (like network timing, keystroke timing, mouse movements, clock drift, etc.), then it is fine for the software source code to be open, the data don't come from the source code. The software only works with the data it is given. Unpredictable data in => secure outputs. It's all a solved problem. Cryptographers actually only consider something secure if they can see all the inner workings and still can't predict the outputs. Or they treat it with suspicion if it is a secret and can't examine it. Intel, what are you hiding? Show your implementation and prove it is genuine. |
|||
31 May 2022, 13:01 |
|
AsmGuru62 31 May 2022, 14:46
I wonder if anyone at Intel is aware of this forum.
|
|||
31 May 2022, 14:46 |
|
Goto page Previous 1, 2, 3 Next < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.