• Generate A Cryptographically Secure Key Login
• Generate A Cryptographically Secure Key Fob
• Generate A Cryptographically Secure Key Code

Definition

Represents the abstract class from which all implementations of cryptographic random number generators derive.

A cryptographically secure pseudorandom number generator or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator with properties that make it suitable for use in cryptography. It is also loosely known as a cryptographic random number generator. Most cryptographic applications require random numbers, for example: key generation nonces salts in certain signature schemes, including ECDSA, RSASSA-PSS The 'quality' of the randomness required for these applications va. A cryptographic hash function (CHF) is a hash function that is suitable for use in cryptography.It is a mathematical algorithm that maps data of arbitrary size (often called the 'message') to a bit string of a fixed size (the 'hash value', 'hash', or 'message digest') and is a one-way function, that is, a function which is practically infeasible to invert. Mar 29, 2017 The security of basic cryptographic elements largely depends on the underlying random number generator (RNG) that was used. An RNG that is suitable for cryptographic usage is called a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). The strength of a cryptographic system depends heavily on the properties of these CSPRNGs.

1. In order for a random number generator to be considered cryptographically secure, in needs to be secure against attack by an adversary who knows the algorithm and a (large) number of previously generated bits.
2. RandomKeygen is a free mobile-friendly tool that offers randomly generated keys and passwords you can use to secure any application, service or device. KEY RandomKeygen - The Secure Password & Keygen Generator.
3. The simplest way to generate a key pair is to run ssh-keygen without arguments. In this case, it will prompt for the file in which to store keys. Here's an example: klar (11:39) ssh-keygen Generating public/private rsa key pair.
4. I need to generate a 256 bit encryption key described by the adjectives in the title. Currently I intend to create the key using this RNG. Is this a secure manner of creating the key, given that it has the following properties: Private key for symmetric encryption; Used many times (of course with unique IV's) And given the following facts.

Derived

Attributes

Implements

Remarks

Cryptographic random number generators create cryptographically strong random values.

To create a random number generator, call the Create() method. This is preferred over calling the constructor of the derived class RNGCryptoServiceProvider, which is not available on all platforms.

Constructors

Methods

Applies to

See also

RDRAND (for 'read random'; previously known as Bull Mountain^[1]) is an instruction for returning random numbers from an Intel on-chip hardware random number generator which has been seeded by an on-chip entropy source.^[2]RDRAND is available in Ivy Bridge processors^[a] and is part of the Intel 64 and IA-32instruction set architectures. AMD added support for the instruction in June 2015.^[4]

The random number generator is compliant with security and cryptographic standards such as NIST SP 800-90A,^[5]FIPS 140-2, and ANSI X9.82.^[2] Intel also requested Cryptography Research Inc. to review the random number generator in 2012, which resulted in the paper Analysis of Intel's Ivy Bridge Digital Random Number Generator.^[6]

RDSEED is similar to RDRAND and provides lower-level access to the entropy-generating hardware. The RDSEED generator and processor instruction rdseed are available with Intel Broadwell CPUs^[7] and AMD Zen CPUs.^[8]

Overview[edit]

The CPUID instruction can be used to check whether the central processing unit (CPU) supports the RDRAND instruction on both AMD and Intel CPUs. If supported, bit 30 of the ECX register is set after calling CPUID standard function 01H.^[9] AMD processors are checked for the feature using the same test.^[10]RDSEED availability can be checked on Intel CPUs in a similar manner. If RDSEED is supported, the bit 18 of the EBX register is set after calling CPUID standard function 07H.^[11]

The opcode for RDRAND is 0x0F 0xC7, followed by a ModRM byte that specifies the destination register and optionally combined with a REX prefix in 64-bit mode.^[12]

Intel Secure Key is Intel's name for both the RDRAND instruction and the underlying random number generator (RNG) hardware implementation,^[2] which was codenamed 'Bull Mountain' during development.^[13] Intel calls their RNG a 'digital random number generator' or DRNG. The generator takes pairs of 256-bit raw entropy samples generated by the hardware entropy source and applies them to an Advanced Encryption Standard (AES) (in CBC-MAC mode) conditioner which reduces them to a single 256-bit conditioned entropy sample. A deterministic random-bit generator called CTR_DRBG defined in NIST SP 800-90A is seeded by the output from the conditioner, providing cryptographically secure random numbers to applications requesting them via the RDRAND instruction.^[2][13] The hardware will issue a maximum of 511 128-bit samples before changing the seed value. Using the RDSEED operation provides access to the conditioned 256-bit samples from the AES-CBC-MAC.

The RDSEED instruction was added to Intel Secure Key for seeding another pseudorandom number generator,^[14] available in Broadwell CPUs. The entropy source for the RDSEED instruction runs asynchronously on a self-timed circuit and uses thermal noise within the silicon to output a random stream of bits at the rate of 3 GHz,^[15] slower than the effective 6.4 Gbit/s obtainable from RDRAND (both rates are shared between all cores and threads).^[16] The RDSEED instruction is intended for seeding a software PRNG of arbitrary width, whereas the RDRAND is intended for applications that merely require high-quality random numbers. If cryptographic security is not required, a software PRNG such as Xorshift is usually faster.^[17]

Performance[edit]

On an Intel Core i7-7700K, 4500 MHz (45 x 100 MHz) processor (Kaby Lake-S microarchitecture), a single RDRAND or RDSEED instruction takes 110ns or 463 clock cycles, regardless of the operand size (16/32/64 bits). This number of clock cycles applies to all processors with Skylake or Kaby Lake microarchitecture. On the Silvermont microarchitecture processors, each of the instructions take around 1472 clock cycles, regardless of the operand size; and on Ivy Bridge processors RDRAND takes up to 117 clock cycles.^[18]

On an AMD Ryzen CPU, each of the instructions takes around 1200 clock cycles for 16-bit or 32-bit operand, and around 2500 clock cycles for a 64-bit operand.^[18]

An astrophysical Monte Carlo simulator examined the time to generate 10⁷ 64-bit random numbers using RDRAND on a quad-core Intel i7-3740 QM processor. They found that a C implementation of RDRAND ran about 2x slower than the default random number generator in C, and about 20x slower than the Mersenne Twister. Although a Python module of RDRAND has been constructed, it was found to be 20x slower than the default random number generator in Python.^[19]

Generate A Cryptographically Secure Key Login

Compilers[edit]

GCC 4.6+ and Clang 3.2+ provide intrinsic functions for RDRAND when -mrdrnd is specified in the flags,^[20] also setting __RDRND__ to allow conditional compilation. Newer versions additionally provide immintrin.h to wrap these built-ins into functions compatible with version 12.1+ of Intel's C Compiler. These functions write random data to the location pointed to by their parameter, and return 1 on success.^[21]

Applications[edit]

It is an option to generate cryptographically-secure random numbers using RDRAND and RDSEED in OpenSSL, to help secure communications.

The first^{[citation needed][dubious]} scientific application of RDRAND can be found in astrophysics. Radio observations of low-mass stars and brown dwarfs have revealed that a number of them emit bursts of radio waves. These radio waves are caused by magnetic reconnection, the same process that causes solar flares on the Sun. RDRAND was used to generate large quantities of random numbers for a Monte Carlo simulator, to model physical properties of the brown dwarfs and the effects of the instruments that observe them. They found that about 5% of brown dwarfs are sufficiently magnetic to emit strong radio bursts. They also evaluated the performance of the RDRAND instruction in C and Python compared to other random number generators.^[19]

Reception[edit]

In September 2013, in response to a New York Times article revealing the NSA's effort to weaken encryption,^[22]Theodore Ts'o publicly posted concerning the use of RDRAND for /dev/random in the Linux kernel:^[23]

I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction. To quote from the [New York Times article^[22]]: 'By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors..' Relying solely on the hardware random number generator which is using an implementation sealed inside a chip which is impossible to audit is a BAD idea.

Linus Torvalds dismissed concerns about the use of RDRAND in the Linux kernel, and pointed out that it is not used as the only source of entropy for /dev/random, but rather used to improve the entropy by combining the values received from RDRAND with other sources of randomness.^[24][25] However, Taylor Hornby of Defuse Security demonstrated that the Linux random number generator could become insecure if a backdoor is introduced into the RDRAND instruction that specifically targets the code using it. Hornby's proof-of-concept implementation works on an unmodified Linux kernel prior to version 3.13.^[26][27][28] The issue was fixed in the Linux kernel in 2013.^[29]

Developers changed the FreeBSD kernel away from using RDRAND and VIA PadLock directly with the comment 'For [FreeBSD] 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random. It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more.'^[24][30]

See also[edit]

Notes[edit]

1. ^In some Ivy Bridge versions, due to a bug, the RDRAND instruction causes an Illegal Instruction exception.^[3]

References[edit]

Generate A Cryptographically Secure Key Fob

1. ^Hofemeier, Gael (2011-06-22). 'Find out about Intel's new RDRAND Instruction'. Intel Developer Zone Blogs. Retrieved 30 December 2013.
2. ^ ^abcd'Intel Digital Random Number Generator (DRNG): Software Implementation Guide, Revision 1.1'(PDF). Intel Corporation. 2012-08-07. Retrieved 2012-11-25.
3. ^Desktop 3rd Generation Intel Core Processor Family, Specification Update(PDF). Intel Corporation. January 2013.
4. ^'AMD64 Architecture Programmer's Manual Volume 3: General-Purpose and System Instructions'(PDF). AMD Developer Guides, Manuals & ISA Documents. June 2015. Retrieved 16 October 2015.
5. ^Barker, Elaine; Kelsey, John (January 2012). 'Recommendation for Random Number Generation Using Deterministic Random Bit Generators'(PDF). National Institute of Standards and Technology. Retrieved September 16, 2013.Cite journal requires journal= (help)
6. ^Hamburg, Mike; Kocher, Paul; Marson, Mark (2012-03-12). 'Analysis of Intel's Ivy Bridge Digital Random Number Generator'(PDF). Cryptography Research, Inc. Archived from the original(PDF) on 2014-12-30. Retrieved 2015-08-21.
7. ^Hofemeier, Gael (2012-07-26). 'Introduction to Intel AES-NI and Intel SecureKey Instructions'. Intel Developer Zone. Intel. Retrieved 2015-10-24.
8. ^'AMD Starts Linux Enablement On Next-Gen 'Zen' Architecture - Phoronix'. www.phoronix.com. Retrieved 2015-10-25.
9. ^'Volume 1, Section 7.3.17, 'Random Number Generator Instruction''(PDF). Intel® 64 and IA-32 Architectures Software Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B and 3C. Intel Corporation. June 2013. p. 177. Retrieved 24 June 2013. All Intel processors that support the RDRAND instruction indicate the availability of the RDRAND instruction via reporting CPUID.01H:ECX.RDRAND[bit 30] = 1
10. ^'AMD64 Architecture Programmer's Manual Volume 3: General-Purpose and System Instructions'(PDF). AMD. June 2015. p. 278. Retrieved 15 October 2015. Support for the RDRAND instruction is optional. On processors that support the instruction, CPUID Fn0000_0001_ECX[RDRAND] = 1
11. ^'Volume 1, Section 7.3.17, 'Random Number Generator Instruction''(PDF). Intel® 64 and IA-32 Architectures Software Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B and 3C. Intel Corporation. June 2013. p. 177. Retrieved 25 October 2015. All Intel processors that support the RDSEED instruction indicate the availability of the RDSEED instruction via reporting CPUID.(EAX=07H, ECX=0H):EBX.RDSEED[bit 18] = 1
12. ^'Intel® Digital Random Number Generator (DRNG) Software Implementation Guide Intel® Developer Zone'. Software.intel.com. Retrieved 2014-01-30.
13. ^ ^abTaylor, Greg; Cox, George (September 2011). 'Behind Intel's New Random-Number Generator'. IEEE Spectrum.
14. ^John Mechalas (November 2012). 'The Difference Between RDRAND and RDSEED'. software.intel.com. Intel Corporation. Retrieved 1 January 2014.
15. ^Mechalas, John. 'Intel Digital Random Number Generator (DRNG) Software Implementation Guide, Section 3.2.1 Entropy Source (ES)'. Intel Software. Intel. Retrieved 18 February 2015.
16. ^https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide says 800 megabytes, which is 6.4 gigabits, per second
17. ^The simplest 64-bit implementation of Xorshift has 3 XORs and 3 shifts; if these are executed in a tight loop on 4 cores at 2GHz, the throughput is 80 Gb/sec. In practice it will be less due to load/store overheads etc, but is still likely to exceed the 6.4 Gb/sec of RDRAND. On the other hand, the quality of RDRAND's numbers should be higher than that of a software PRNG like Xorshift.
18. ^ ^abhttp://www.agner.org/optimize/instruction_tables.pdf
19. ^ ^abRoute, Matthew (August 10, 2017). 'Radio-flaring Ultracool Dwarf Population Synthesis'. The Astrophysical Journal. 845: 66. arXiv:1707.02212. doi:10.3847/1538-4357/aa7ede.
20. ^'X86 Built-in Functions - Using the GNU Compiler Collection (GCC)'.
21. ^'Intel® C++ Compiler 19.1 Developer Guide and Reference'. 2019-12-23.
22. ^ ^abPerlroth, Nicole; Larson, Jeff; Shane, Scott (September 5, 2013). 'N.S.A. Able to Foil Basic Safeguards of Privacy on Web'. The New York Times. Retrieved November 15, 2017.
23. ^Ts'o, Theodore (September 6, 2013). 'I am so glad I resisted pressure from Intel engineers to let /dev/random rely..' Archived from the original on 2018-06-11.
24. ^ ^abRichard Chirgwin (2013-12-09). 'FreeBSD abandoning hardware randomness'. The Register.
25. ^Gavin Clarke (10 September 2013). 'Torvalds shoots down call to yank 'backdoored' Intel RDRAND in Linux crypto'. theregister.co.uk. Retrieved 12 March 2014.
26. ^Taylor Hornby (6 December 2013). 'RDRAND backdoor proof of concept is working! Stock kernel (3.8.13), only the RDRAND instruction is modified'. Retrieved 9 April 2015.
27. ^Taylor Hornby [@DefuseSec] (10 September 2013). 'I wrote a short dialogue explaining why Linux's use of RDRAND is problematic. http://pastebin.com/A07q3nL3 /cc @kaepora @voodooKobra' (Tweet). Retrieved 11 January 2016 – via Twitter.
28. ^Daniel J. Bernstein; Tanja Lange (16 May 2014). 'Randomness generation'(PDF). Retrieved 9 April 2015.
29. ^Hornby, Taylor (2017-05-09). 'You want to keep RDRAND enabled. What I did just showed that in an older version of the kernel RDRAND could potentially control the output'. @DefuseSec. Retrieved 2019-10-30.
30. ^'FreeBSD Quarterly Status Report'. Freebsd.org. Retrieved 2014-01-30.

External links[edit]

Generate A Cryptographically Secure Key Code