Date:      Sat, 10 Apr 2004 20:29:19 +0100
From:      Mark Murray <mark@grondar.org>
To:        richardcoleman@mindspring.com
Cc:        cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar 
Message-ID:  <200404101929.i3AJTJ8P070553@grimreaper.grondar.org>
In-Reply-To: Your message of "Sat, 10 Apr 2004 14:40:12 EDT." <40783F8C.1010704@mindspring.com> 

Richard Coleman writes:
> > If it is felt that further whitening of the VIA C3 RNG is needed,
> > then I believe that Yarrow would be overkill, and that a much smaller
> > hash function will be sufficient.
> 
> What do you have in mind?  AES is already one of the faster ciphers 
> around.  You could reduce the number of rounds used for AES, but it 
> would be hard to estimate the cryptographic strength.

The C3 chip has AES on board, so something like this may do the trick:

key = C3RNG();
seed ^= C3RNG(); /* seed is static */
output = encryptAES(key, seed);

Cryptographic strength is of lesser importance here, as the key
input is Very Nicely Random(tm); however, AES's speed and spectral
qualities make it a good choice. It is important to remember that
the hash is purely there to destroy any trends/tendencies that the
hardware generator may have, and for that purpose an LFSR may work
just fine. The hash is a "Whitener", and its requirements here are
that its output spectrum is flat.

M
--
Mark Murray
iumop ap!sdn w,I idlaH



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404101929.i3AJTJ8P070553>