Date: Mon, 05 Jun 2000 14:16:36 -0400 From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: Mark Murray <mark@grondar.za> Cc: arch@FreeBSD.org, phk@freebsd.org Subject: Re: (2nd iteration) New /dev/(random|null|zero) - review, please Message-ID: <393BEE84.BBAD3E82@vangelderen.org> References: <200006051720.TAA18713@gratis.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Murray wrote: > > [ Sent to arch at the suggestion of David O'Brien ] > (Some improvements have been done - 2nd iteration) > > Hi > > I have finished doing a MI /dev/null and /dev/zero, and I have got a > new /dev/random. I'm looking for reviewers. I've already submitted a MI /dev/[null|zero] for commit to PHK. He said he would commit them after testing. It's the same driver you have already seen at http://jeroen.vangelderen.org/FreeBSD . > o The random number generator will give random-looking output, but does > absolutely no harvesting of entropy at the moment. Because I want > it to be a loadable module, I need some way of registering the entropy > harvesting routines. Something like weak-symboled routines that are > overridden when the module is loaded would be ideal. Suggestions? Split-level. Entropy sources should export an entropy device. Yarrow should bind to all available entropy devices and use those. This would allow for - entropy devices in KLDs. - dynamic addition/removal of entropy sources (USB). - separation of RNG policy (Yarrow) from entropy gathering. - dynamic IRQs not affecting RNG security. > o The RNG is slow; the others are much faster than their originals. Can be tweaked. Use a 256-bit cipher like Rijndael and build a hash out of it. Would improve security too as the entropy pool would hold 256 bits. You can also pre-generate a few KB of random bits. Cheers, Jeroen -- Jeroen C. van Gelderen o _ _ _ jeroen@vangelderen.org _o /\_ _ \\o (_)\__/o (_) _< \_ _>(_) (_)/<_ \_| \ _|/' \/ (_)>(_) (_) (_) (_) (_)' _\o_ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?393BEE84.BBAD3E82>