From: "Simon J. Gerraty"
To: Mark R V Murray
Cc: Tim Kientzle, FreeBSD-arch Arch, secteam@freebsd.org, des@des.no
Subject: Re: random(4) plugin infrastructure for mulitple RNG in a modular fashion
Date: Sun, 18 Aug 2013 14:50:30 -0700
Message-ID: <20130818215030.F172658097@chaos.jnpr.net>
List-Id: Discussion related to FreeBSD architecture

On Sun, 18 Aug 2013 21:02:46 +0100, Mark R V Murray writes:
>On 18 Aug 2013, at 20:27, Tim Kientzle wrote:
>> My key claims:
>>  * Entropy mixers such as Yarrow, Fortuna, or
>>    passthrough are different from entropy sources.
>>    Mixers specify how /dev/random is generated from
>>    available entropy.
>
>Yes!

I think this is a key point.

One of the problems we face dealing with NSA (or perhaps more accurately labs representing them) etc, is that they want us to be able to provide and substantiate claims of entropy *out* of /dev/random.

We can "measure" and analyze the entropy going *into* a mixer like Yarrow, but it is hard to make assertions about the output beyond "if I collected N bits of entropy I cannot output more than that". (it wouldn't be doing a good job of mixing if you could).

I suspect this is a key driver for the plugin arrangement - being able to address NSA concerns by using a PRNG of and in a manner of their choosing.

Describing Yarrow/Fortuna as entropy "mixers" (or conditioning functions) rather than entropy "sources" might help.
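
The asymmetry described in this message, as an added example that is not part of the original email or of FreeBSD's random(4) code: entropy is estimated on the raw input, and the only claim made about the mixer's output is capped by what went in. The most-common-value estimator (in the style of NIST SP 800-90B) is an assumption of this example, `ToyMixer` is a hypothetical SHA-256 stand-in rather than Yarrow or Fortuna, and the samples are constructed.

```python
import hashlib
import math
from collections import Counter


def mcv_min_entropy(samples):
    """Estimate min-entropy per sample (bits) from the most common value."""
    n = len(samples)
    p_hat = Counter(samples).most_common(1)[0][1] / n
    # 99% upper confidence bound on the most likely symbol's probability.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)


class ToyMixer:
    """Hypothetical SHA-256 conditioner; a stand-in, not Yarrow or Fortuna."""

    STATE_BITS = 256

    def __init__(self):
        self._pool = hashlib.sha256()
        self.credited_bits = 0.0

    def feed(self, samples):
        """Mix raw samples in and credit their *estimated* input entropy."""
        self._pool.update(bytes(samples))
        self.credited_bits += len(samples) * mcv_min_entropy(samples)

    def read(self, nbytes):
        """Return nbytes of output and the entropy that can be claimed for it."""
        seed = self._pool.digest()
        out = b"".join(
            hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
            for i in range((nbytes + 31) // 32)
        )[:nbytes]
        # Output can be any length; the claim never exceeds input or state.
        claim = min(self.credited_bits, self.STATE_BITS, 8 * nbytes)
        return out, claim


# Constructed samples: a biased 2-bit source (60% zeros), not real measurements.
SHORT = [0] * 60 + [1] * 20 + [2] * 10 + [3] * 10
LONG = SHORT * 10

if __name__ == "__main__":
    for name, samples in (("short", SHORT), ("long", LONG)):
        mixer = ToyMixer()
        mixer.feed(samples)
        out, claim = mixer.read(128)  # 1024 output bits requested
        print(f"{name}: credited={mixer.credited_bits:.1f} bits, "
              f"output={8 * len(out)} bits, claimable={claim:.1f} bits")
```

Both runs return 1024 bits of output, but the claim is bounded by the credited input in the short case and by the 256-bit state in the long case.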