src/random.h
* randomness. The following (classes of) functions interact with that state by | * randomness. The following (classes of) functions interact with that state by | ||||
* mixing in new entropy, and optionally extracting random output from it: | * mixing in new entropy, and optionally extracting random output from it: | ||||
* | * | ||||
* - The GetRand*() class of functions, as well as construction of | * - The GetRand*() class of functions, as well as construction of | ||||
* FastRandomContext objects, perform 'fast' seeding, consisting of mixing in: | * FastRandomContext objects, perform 'fast' seeding, consisting of mixing in: | ||||
* - A stack pointer (indirectly committing to calling thread and call stack) | * - A stack pointer (indirectly committing to calling thread and call stack) | ||||
* - A high-precision timestamp (rdtsc when available, c++ | * - A high-precision timestamp (rdtsc when available, c++ | ||||
* high_resolution_clock otherwise) | * high_resolution_clock otherwise) | ||||
* - Hardware RNG (rdrand) when available. | * - 64 bits from the hardware RNG (rdrand) when available. | ||||
* These entropy sources are very fast, and only designed to protect against | * These entropy sources are very fast, and only designed to protect against | ||||
* situations where a VM state restore/copy results in multiple systems with the | * situations where a VM state restore/copy results in multiple systems with the | ||||
* same randomness. FastRandomContext on the other hand does not protect against | * same randomness. FastRandomContext on the other hand does not protect against | ||||
* this once created, but is even faster (and acceptable to use inside tight | * this once created, but is even faster (and acceptable to use inside tight | ||||
* loops). | * loops). | ||||
* | * | ||||
* - The GetStrongRand*() class of function perform 'slow' seeding, including | * - The GetStrongRand*() class of function perform 'slow' seeding, including | ||||
* everything that fast seeding includes, but additionally: | * everything that fast seeding includes, but additionally: | ||||
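Review bot: the new "64 bits" figure on the rdrand bullet is a concrete claim about the fast seeder that nothing in this comment ties to the code that actually performs the mix-in, so it will silently go stale if the fast path ever draws more or fewer bytes; consider naming the constant or function that draws those 64 bits next to the bullet, or phrasing it as "one 64-bit rdrand output" so the reader knows it is a single instruction result rather than a tuned entropy budget. While touching this block, the unchanged context line "The GetStrongRand*() class of function perform 'slow' seeding" should read "class of functions performs".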
* additionally: | * additionally: | ||||
* - A high-precision timestamp before and after sleeping 1ms. | * - A high-precision timestamp before and after sleeping 1ms. | ||||
* - (On Windows) Once every 10 minutes, performance monitoring data from the | * - (On Windows) Once every 10 minutes, performance monitoring data from the | ||||
* OS. These just exploit the fact the system is idle to improve the quality of | * OS. These just exploit the fact the system is idle to improve the quality of | ||||
* the RNG slightly. | * the RNG slightly. | ||||
* | * | ||||
* On first use of the RNG (regardless of what function is called first), all | * On first use of the RNG (regardless of what function is called first), all | ||||
* entropy sources used in the 'slow' seeder are included, but also: | * entropy sources used in the 'slow' seeder are included, but also: | ||||
* - 256 bits from the hardware RNG (rdseed or rdrand) when available. | |||||
* - (On Windows) Performance monitoring data from the OS. | * - (On Windows) Performance monitoring data from the OS. | ||||
* - (On Windows) Through OpenSSL, the screen contents. | * - (On Windows) Through OpenSSL, the screen contents. | ||||
* | * | ||||
* When mixing in new entropy, H = SHA512(entropy || old_rng_state) is computed, | * When mixing in new entropy, H = SHA512(entropy || old_rng_state) is computed, | ||||
* and (up to) the first 32 bytes of H are produced as output, while the last 32 | * and (up to) the first 32 bytes of H are produced as output, while the last 32 | ||||
* bytes become the new RNG state. | * bytes become the new RNG state. | ||||
*/ | */ | ||||
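Review bot: the added bullet "256 bits from the hardware RNG (rdseed or rdrand) when available" presents the two instructions as interchangeable, but they are not equivalent sources: rdseed returns conditioned entropy directly, whereas rdrand returns output of a DRBG that is reseeded only periodically, so 256 bits of rdrand output do not carry the same guarantee as 256 bits of rdseed. The comment should state which one is preferred and what the fallback does when only rdrand is present (for example whether it still draws exactly 256 bits or documents the weaker assumption), so that readers of the first-use list do not overestimate the entropy it contributes.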