CryptoSys PKI Pro Manual

Intel(R) DRNG support

[New in v22.1]

The Digital Random Number Generator (DRNG) is an innovative hardware approach to high-quality, high-performance entropy and random number generation. It is composed of the new Intel 64 Architecture instructions RDRAND and RDSEED and an underlying DRNG hardware implementation. For more information see [INTEL-DRNG].

If available on your system, 256 bits of entropy from Intel(R) DRNG (using hardware-generated random values) will be added automatically on first use of any RNG function. The output is used to seed and add entropy to the generator state and Fortuna accumulation pools. It is not used directly.

The availability of support can be checked using the RNG_Initialize function and passing an empty "" filename parameter. If the return value is a positive number then Intel(R) DRNG is supported (1=RDRAND available, 2=RDSEED available, 3=both RDRAND and RDSEED available). RDSEED will be preferred if available. Support can also be explicitly turned off using the PKI_RNG_NO_INTEL_DRNG option.

[PREV: RNG Mechanisms...]   [Contents]   [Index]   
   [NEXT: Techniques to add known security strength to the RNG process...]

Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-01-01T11:51:59Z.