Date:      Sat, 10 Apr 2004 16:01:01 -0700 (PDT)
From:      Nate Lawson <nate@root.org>
To:        Mark Murray <mark@grondar.org>
Cc:        Bruce M Simpson <bms@spc.org>
Subject:   Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar 
Message-ID:  <20040410155637.Q58852@root.org>
In-Reply-To: <200404102208.i3AM8HIn071704@grimreaper.grondar.org>
References:  <200404102208.i3AM8HIn071704@grimreaper.grondar.org>

On Sat, 10 Apr 2004, Mark Murray wrote:
> Sam Leffler writes:
> > On Apr 10, 2004, at 1:54 AM, Mark Murray wrote:
> > > If it is felt that further whitening of the VIA C3 RNG is needed,
> > > then I believe that Yarrow would be overkill, and that a much
> > > smaller hash function will be sufficient.
> >
> > Unless I misread the paper it seemed very clear in stating that you
> > need to post-process the h/w RNG.  I run all my h/w entropy sources
> > through the rndtest module (FIPS-140 testing) and frequently see that
> > h/w entropy sources are not to be trusted (note that rndtest samples
> > the entropy and that the FIPS test suite is far less stringent than
> > the testing done in the papers).
>
> I'll look at putting a low-overhead entropy-pool-stirrer after the C3
> RNG.

What problem are you trying to solve?  Why must you design another PRNG?
Even if it was fine, it would only be receiving entropy from a single
source and would waste the availability of other sources as well.

> > I have not had time to review Mark's changes but I agree with Nate
> > that h/w entropy sources should not be trusted and some form of
> > post-processing must be done.  Whether this is Yarrow or something
> > else is unclear but the papers cited did a thorough analysis while all
> > I've seen from Mark are statements that he believes these sources are
> > good.  When it comes to stuff like this I believe strongly in taking a
> > conservative approach.
>
> Actually, the paper that Nate pointed at said that each bit of entropy
> that the C3 RNG supplied delivered between 2/3 and nearly 1 bit of
> "good" randomness. If the on-chip whitener was on, then "0.99 bits per
> bit supplied" (my paraphrase) was given.

That is approximately correct.  I think we should use the VIA hardware
source to seed our PRNG.  That would be great.  I do not think we should
throw away the useful properties of a PRNG that cannot be provided
directly by a hardware source.

> Still, opinion seems to be in favour of further postprocessing, so I'll
> do it.

I haven't looked at the FreeBSD PRNG yet but why not seed Yarrow?

-Nate
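Sam's point above, that raw hardware output should be gated by statistical tests (the rndtest module, FIPS-140 testing), as an added example that is not from this thread or from FreeBSD's rndtest code: three of the four FIPS 140-1 power-up tests (monobit, poker, long run) over one 20000-bit block, plus a constructed stuck-at source showing that a perfectly balanced but degenerate stream passes the monobit count and is caught only by the poker test. The threshold constants are FIPS 140-1's; `stuck_sample` is a constructed helper, not a real entropy source.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* FIPS 140-1 tests operate on a 20000-bit (2500-byte) block of raw RNG output. */
#define SAMPLE_BYTES 2500

/* Number of 1 bits in the block (the monobit statistic). */
int monobit_ones(const uint8_t *buf, size_t len) {
    int ones = 0;
    for (size_t i = 0; i < len; i++)
        for (uint8_t b = buf[i]; b; b >>= 1) ones += b & 1;
    return ones;
}

/* Poker statistic: X = (16/n) * sum(f_i^2) - n over the n = 2*len nibbles. */
double poker_stat(const uint8_t *buf, size_t len) {
    unsigned long f[16] = {0}, sumsq = 0;
    for (size_t i = 0; i < len; i++) { f[buf[i] >> 4]++; f[buf[i] & 0x0f]++; }
    for (int i = 0; i < 16; i++) sumsq += f[i] * f[i];
    double n = 2.0 * (double)len;
    return 16.0 / n * (double)sumsq - n;
}

/* Length of the longest run of identical consecutive bits. */
int longest_run(const uint8_t *buf, size_t len) {
    int run = 0, best = 0, prev = -1;
    for (size_t i = 0; i < len; i++)
        for (int s = 7; s >= 0; s--) {
            int bit = (buf[i] >> s) & 1;
            run = (bit == prev) ? run + 1 : 1;
            prev = bit; if (run > best) best = run;
        }
    return best;
}

/* Gate one block the way a FIPS 140-1 filter would: every check must pass.
 * Thresholds: 9725 < ones < 10275; 2.16 < X < 46.17; no run of 34 or more bits. */
int fips_pass(const uint8_t *buf, size_t len) {
    int ones = monobit_ones(buf, len);
    double x = poker_stat(buf, len);
    return ones > 9725 && ones < 10275 && x > 2.16 && x < 46.17 &&
           longest_run(buf, len) < 34;
}

/* Constructed sample: a hardware source stuck emitting one byte value forever. */
const uint8_t *stuck_sample(uint8_t pattern) {
    static uint8_t buf[SAMPLE_BYTES];
    memset(buf, pattern, sizeof buf);
    return buf;
}
```

A source stuck at 0x55 yields exactly 10000 ones, so the monobit test alone would accept it; the poker statistic of 75000 rejects it, which is why the full battery is run on every block before the output is trusted.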