• 04/09/2016
  • Public Content

A good source of entropy is required to build a high-quality random number generator. The RDRAND instruction provides access to the hardware implementation of the underlying Digital Random Number Generator (DRNG). However, there are some circumstances when the RDRAND instruction may fail. When this happens, the recommendation is to try again up to ten times. Software vendors that have an existing Pseudo-Random Number Generator (PRNG) should use the RDSEED instruction to benefit from the high-quality entropy source of the Intel(R) Secure Key, rather than seeding the PRNG with some value contained in the enclave binary file, since an attacker would have access to it. Depending on uninitialized memory as a source of entropy to seed the PRNG is not a recommended either. Intentional references to uninitialized memory make the code difficult to understand and analyze and alone does not guarantee the randomness of the data collected. Additionally, debugging tools will warn enclave developers about code where uninitialized memory is being used. However, tracking down the source of the uninitialized memory is not straightforward task.

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.