man(7)                        rdrand-gen man page                       man(7)

NAME

       rdrand-gen - Generate randomness by using RdRand on Intel's CPUs.

SYNOPSIS

       rdrand-gen [--amount NUM] [--method NAME] [--output FILE]
       [--threads NUM] [--aes-ctr [--aes-keys FILE]] [--verbose] [--version]
       [--help]

DESCRIPTION

       RdRand is an instruction that returns random numbers from an Intel
       on-chip hardware random number generator. RdRand is available on Ivy
       Bridge and later processors.

       It uses a cascade construction, combining a HW RNG operating at 3 Gbps
       with a CSPRNG, with all components sealed on the CPU. The entropy
       source is a metastable circuit whose unpredictable behavior is based on
       thermal noise. The entropy is fed into a 3:1 compression ratio entropy
       extractor (whitener) based on AES-CBC-MAC. Online statistical tests are
       performed at this stage, and only high-quality random data are used as
       the seed for a cryptographically secure, SP800-90 AES-CTR DRBG compliant
       PRNG. This generator produces a maximum of 512 128-bit AES blocks
       before it is reseeded. According to the documentation, 512 blocks is an
       upper limit for reseeding; in practice it reseeds much more frequently.

       Although the statistical tests did not reveal any flaws in RdRand's
       output, its internal operation cannot be verified (leaving open the
       possibility that a backdoor is built into it).

       rdrand-gen is a simple application for generating randomness on Intel's
       CPUs (Ivy Bridge and newer) using the HW RNG on the CPU. It can use
       three generation methods. The default, get_bytes, is the fastest (about
       200 MiB/s in one thread on a laptop with a Core i7) and simply pulls
       randomness from the HW RNG. The other two, reseed_delay and
       reseed_skip, are slow but more secure: they enforce full regeneration
       of the CPU's pool before each single value that is pushed out.

       reseed_delay inserts small delays (20 microseconds), long enough to
       allow the HW to reseed RdRand's internal generator with new thermal
       noise based entropy, so that two consecutive values returned by
       reseed_delay are guaranteed to be produced with different seeds.
       reseed_skip takes one of 1025 64-bit values (the size of the inner
       pool) and throws away the rest, forcing the HW to reseed. The
       performance of these reseeding methods is about 1/1000 of the default
       one. The performance differs on each machine: on one machine
       reseed_skip is faster than reseed_delay, while on another it can be
       different.

       If aes-ctr is set, the output of the RdRand instruction is encrypted
       with AES-CTR from OpenSSL. It can either use a random key, or you can
       give it a set of keys and nonces through the aes-keys parameter. If
       AES is not enabled by the first flag, the keys are ignored.

       The syntax of the key file is as follows:
       Each line is a hexadecimal string containing a key and a nonce. There
       can be at most 128 lines. The length of a single key is twice that of
       the nonce, so if K stands for a key character and N for a nonce
       character, a single line in the key file looks like this:
       KKKKNN

       24 bytes (48 characters) for a key and a nonce represent a 128-bit key.
       This is also the only currently supported key length. See Examples for
       a simple way of generating the key file.
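
       The key file rules above can be checked before a file is passed to -k.
       The script below is an added example, not part of rdrand-gen:
       check_keyfile and split_key_line are hypothetical helper names, the
       sample lines are constructed, and the duplicate-line check is an extra
       assumption that the man page does not require.

```shell
#!/bin/sh
# Added example, not part of rdrand-gen. check_keyfile and split_key_line are
# hypothetical helper names; the rules they enforce are the ones stated above.

# Return 0 if FILE is a usable key file, 1 otherwise (diagnostics on stdout).
check_keyfile() {
    [ -r "$1" ] || { echo "cannot read $1"; return 1; }
    awk '
        { sub(/\r$/, "") }                     # tolerate CRLF line endings
        length($0) != 48 {
            printf "line %d: expected 48 hex characters, got %d\n", NR, length($0)
            bad = 1; next
        }
        $0 !~ /^[0-9A-Fa-f]+$/ {
            printf "line %d: non-hexadecimal character\n", NR
            bad = 1; next
        }
        seen[tolower($0)]++ {
            # Extra hygiene check, not a rule from the man page.
            printf "line %d: duplicate key/nonce pair\n", NR
            bad = 1
        }
        END {
            if (NR == 0)  { print "file is empty"; bad = 1 }
            if (NR > 128) { printf "%d lines, maximum is 128\n", NR; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Print the key (first 32 hex characters) and nonce (last 16) of one line.
split_key_line() {
    echo "$(printf '%s' "$1" | cut -c1-32) $(printf '%s' "$1" | cut -c33-48)"
}

# Constructed sample: line 1 is valid, line 2 is too short, line 3 is not hex.
sample=$(mktemp)
cat > "$sample" <<'EOF'
000102030405060708090a0b0c0d0e0f1011121314151617
00010203
zz0102030405060708090a0b0c0d0e0f1011121314151617
EOF
check_keyfile "$sample" || echo "key file rejected"
rm -f "$sample"
```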

OPTIONS

         --help       -h       Print this help.
         --amount     -n NUM   Generate given amount of bytes. Suffixes: K, M,
                               G, T. Without the option or when 0, generate
                               unlimited amount.
         --method     -m NAME  Use method NAME (default is get_bytes, others
                               are reseed_skip and reseed_delay).
         --output     -o FILE  Save the generated data to the file.
         --threads    -t NUM   Run the generator in NUM threads (default 2).
         --aes-ctr    -a       Encrypt the output with AES-CTR.
         --aes-keys   -k FILE  Use given key file for the AES encryption
                               instead of random one. Works only when -a is set.
         --verbose    -v       Be verbose (will print on stderr).
         --version    -V       Print version.

       AES keys in the file for the -k argument have to be 24 bytes long in
       hexadecimal form.

EXAMPLES

       Write 10.5MB of random data to the file /tmp/random
       rdrand-gen -n 10.5M -o /tmp/random

       Generate 20 random passwords of length 20 built from all letters and
       digits. Use the secure get_uint64_array_reseed_skip method.
       (rdrand-gen -n2k -m reseed_skip | tr -cd '[:alnum:]' | fold -w 20 &&
       echo ) | head -20

       Create GPG encrypted keyfile for aespipe.
       Encrypt:
       tar -cvf - files... | bzip2 | aespipe -w 10 -K keyfile.gpg >archive.aes
       Decrypt:
       aespipe -d -K keyfile.gpg < /tmp/archive.aes | bzip2 -d -q | tar -tvf -
       Create the keyfile:
       rdrand-gen -n3705 -m reseed_skip | uuencode -m - | head -n 66 | \
       tail -n 65 | gpg --symmetric -a > keyfile.gpg

       Test the randomness of the generated data with dieharder test suite
       rdrand-gen | dieharder -g 200 -a

       Measure the speed of generation.
       rdrand-gen | pv > /dev/null

       Create a key file for AES encryption
       head -n 3100 /dev/random | xxd -p -c 24 | head -n 129 | \
       tail -n 128 > keys.txt

       Create the keys and pass them to the rdrand-gen without saving the keys
       on disk
       rdrand-gen -a -k <(head -n 3100 /dev/random | \
       xxd -p -c 24 | head -n 129 | tail -n 128)

SEE ALSO

       librdrand(3) librdrand-aes(3)

BUGS

       No known bugs.

AUTHOR

       Jan Tulak (jan@tulak.me) Jiri Hladky (hladky.jiri@gmail.com)

1.2                              24 April 2014                          man(7)