From owner-cvs-all Mon Jun 26 23:22:16 2000
Delivered-To: cvs-all@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138])
	by hub.freebsd.org (Postfix) with ESMTP
	id DFE4F37BE15; Mon, 26 Jun 2000 23:22:07 -0700 (PDT)
	(envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1])
	by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA54642;
	Tue, 27 Jun 2000 08:22:08 +0200 (SAST)
	(envelope-from mark@grimreaper.grondar.za)
Message-Id: <200006270622.IAA54642@grimreaper.grondar.za>
To: "Jeroen C. van Gelderen"
Cc: Warner Losh, Peter Wemm, Mark Murray, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.sbin Makefile src/usr.sbin/rndcontrol Makefile random.4 rndcontrol.8 rndcontrol.c
References: <3957F6C0.B8D8E006@vangelderen.org>
In-Reply-To: <3957F6C0.B8D8E006@vangelderen.org> ; from "Jeroen C. van Gelderen" "Mon, 26 Jun 2000 20:35:12 -0400."
Date: Tue, 27 Jun 2000 08:22:08 +0200
From: Mark Murray
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Urm, we're talking security here. The default should be false
> unless the driver knows its IRQ makes for a reasonable entropy
> source. For shared IRQs you would need to "AND" all the
> return values together.

Actually, we are talking Yarrow here. Yarrow can use as many
entropy-pool perturbations as possible; what needs to be made
right is the estimation of entropy. Yarrow mandates 3 methods
(programmer estimate, statistical calculation, f(length-of-sample))
with the lowest being chosen. In the case of unspecified interrupts,
the programmer estimate will be zero, and the event will be a very
welcome perturbation.

> Eventually it may be better to have the device export an
> entropy pseudo-device itself. We would need those for pure
> entropy gathering devices anyway but even in the case of a
> network driver it can be useful: the driver has access to
> its IRQ timings as well as network statistics from which
> entropy can be distilled. The network driver could even
> disable its entropy device interface unless the link is
> actually up and data is arriving.

That is what I am working on. Anyone care to join? :-) I am looking
for kobj methods.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
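The lowest-of-three estimation rule described in the message above, as an added example that is not part of the original e-mail and is not FreeBSD's code. The function names, the byte-frequency statistical estimator and the 1/2 density factor are assumptions chosen for illustration, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* floor(log2(v)) for v >= 1, integer only so no libm is needed. */
static unsigned ilog2(size_t v) { unsigned r = 0; while (v >>= 1) r++; return r; }

/* Statistical estimate (stand-in, an assumption): min-entropy per byte taken
 * from the most frequent byte value, floor(log2(n / max_count)), times n. */
static unsigned est_statistical(const uint8_t *s, size_t n)
{
    size_t count[256] = {0}, max = 0;
    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (++count[s[i]] > max)
            max = count[s[i]];
    return (unsigned)(n * ilog2(n / max));
}

/* f(length-of-sample): sample size in bits scaled by an assumed density of 1/2. */
static unsigned est_length(size_t n) { return (unsigned)(n * 8 / 2); }

/* Entropy credited for one sample: the lowest of the three estimates.
 * The sample itself would still be mixed into the pool whatever the credit
 * (pool mixing is omitted here); only the accounting is shown. */
unsigned yarrow_credit(const uint8_t *s, size_t n, unsigned programmer_bits)
{
    unsigned lo = programmer_bits, e;
    if ((e = est_statistical(s, n)) < lo) lo = e;
    if ((e = est_length(n)) < lo) lo = e;
    return lo;
}

/* Constructed samples: 16 distinct bytes, and 16 identical bytes. */
static const uint8_t SAMPLE_VARIED[16] = {
    0x3a, 0x91, 0x07, 0xc4, 0x5e, 0xb2, 0x18, 0xf0,
    0x6d, 0x23, 0x8b, 0xe9, 0x4c, 0xa5, 0x72, 0xd6 };
static const uint8_t SAMPLE_STUCK[16] = {
    0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
    0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55 };

int main(void)
{
    /* Unspecified interrupt: programmer estimate 0, so nothing is credited. */
    printf("unspecified irq: %u bits\n", yarrow_credit(SAMPLE_VARIED, 16, 0));
    /* Optimistic driver: the other two estimators cap the credit. */
    printf("optimistic drv:  %u bits\n", yarrow_credit(SAMPLE_VARIED, 16, 100));
    /* Stuck source: the statistical estimate overrides the driver's claim. */
    printf("stuck source:    %u bits\n", yarrow_credit(SAMPLE_STUCK, 16, 100));
    return 0;
}
```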