Making use of sandy bridge's hardware true random number generator?

Question

I was wondering if there is a way to make use of the new hardware based true number generator found in intel\'s sandy bridge CPU? I read that intel\'s MKL (Math Kernel Libra

Answer 1

Intel has posted a manual, library, and code examples for the rdrand instruction at http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide.

From the Readme:

"Because the many of compiler toolchains do not support this new instruction, this library was created to facilitate easy access to it. The idea is simple: link to a built static library and enjoy the new feature!"

There are examples of all the library calls in main.c.

I was able to compile the static library and test program in gcc on Mac OS X. The documentation states that it is also compatible with Linux and Windows.

Be aware that rdrand is actually a 128-bit pseudo-random number generator with hardware-generated entropy. (The upcoming Broadwell architecture will provide an rdseed instruction to access the true random number generator.) The details of the difference and its implications can be found under the "Long Answer" heading at http://software.intel.com/en-us/blogs/2012/11/17/the-difference-between-rdrand-and-rdseed.

Answer 2

Here is the example code:

#include <immintrin.h>
#include <cstdint>
...
uint64_t val;
if(!_rdseed64_step(&val)) {
  printf("Error generating hardware random value\n");
}
// Now val contains 64-bit pseudo-random number

uint64_t val;
if(!_rdrand64_step(&val)) {
  printf("Error generating hardware random value\n");
}
// Now val contains 64-bit true random number

Reference: Intel Intrinsics Guide

Answer 3

It could depend of your operating system. I would imagine that recent GNU/Linux kernels might use the hardware random generators for e.g. /dev/random (since the random(4) man page suggest that it uses noise), but I could be wrong.

The usual practice is to use some common pseudo-random generator (like e.g. the random(3) standard function), but to seed it, when starting your application, from some more random source (e.g. reading /dev/urandom, using getpid() and something from the current time with gettimeofday(), etc).

Very probably, getting very good random numbers is a black art, at least for me. But the above solution has at least the advantage of not being easily reproducible from one application run to another.

If your application is long lasting (e.g. a web service running in a the same single process for many hours) you might perhaps re-seed your Pseudo Random Number Generator from time to time. For a web server, I would imagine you could also use request times (measuring them with millisecond granularity) as a source of randomness (to seed your PRNG).