Starting with the 1.0.2 release of OpenSSL*, RDRAND has been temporarily removed as a random number source. Future releases of OpenSSL will re-incorporate RDRAND, but will employ cryptographic mixing with OpenSSL's own software-based PRNG. While OpenSSL's random numbers will benefit form the quality of RDRAND, it will not have the same performance as RDRAND alone.
Cloudera software, specifically in its distribution of Hadoop*, Navigator Encrypt*, provides transparent data encryption and key management to secure sensitive data at rest.
Cloudera 软件，尤其是 Hadoop* 分发版，Navigator Encrypt*，可提供透明数据加密和关键管理功能，以确保敏感型静态数据安全无虞。 许多全球大型金融机构、医疗机构和零售商均部署了 Cloudera 解决方案，以保护个人身份信息、企业 IP 或其他敏感型数据，从而遵守联邦、行业或内部规范。
The OpenSSL* ENGINE API includes an engine specifically for Intel® Data Protection Technology with Secure Key. When this engine is enabled, the RAND_bytes() function will exclusively use the RDRAND instruction for generating random numbers and will not need to rely on the OS's entropy pool for reseeding. End applications can simply call RAND_bytes(), do not have to invoke RAND_seed() or RAND_add(), and the OpenSSL library will not call RAND_poll() internally.
Download the complete code sample at the bottom of the article.
At the heart of Intel® Data Protection with Secure Key is the digital random number generator (DRNG), a NIST* SP800-90A compliant pseudorandom number generator which is accessed using the RDRAND instruction. Beginning with Intel CPU's code-named Broadwell, Secure Key will also include an SP800-90B and C compliant true random number generator, called an enhanced nondeterministic random number generator in the NIST specifications, that will be accessible via the RDSEED instruction.