Date:      Thu, 12 Jul 2018 16:57:51 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Limits to seeding /dev/random | random(4)
Message-ID:  <20180712165751.1e5b8e24@gumby.homeunix.com>
In-Reply-To: <1531317515.66719.20.camel@freebsd.org>
References:  <3A988D26-7B08-4301-8176-B0ED8A559420@webweaving.org> <1531317515.66719.20.camel@freebsd.org>

On Wed, 11 Jul 2018 07:58:35 -0600
Ian Lepore wrote:


> When asking our prng gurus for advice on writing a device driver for
> an on-chip entropy source, the advice I got was basically: there's no
> need to feed in more entropy on an ongoing basis, but no harm in
> doing so either, within reason. The recommendation was to feed at or
> below an average rate of about 128 bits/second. Pushing in more isn't
> harmful, just wasteful of system resources because it doesn't make
> anything better.

This is a bit simplistic because it ignores the way that Fortuna
stripes entropy across 32 pools.

In order to fully secure the prng at boot time you need to get 256 bits
of entropy into it, and to guarantee that you need to have 256 bits in
pool[0], which means you need to write 256*32=8192 bits into the random
device. This should be done as early in the rc.d boot process as
possible. Once the pools are primed you could trickle entropy in in
smaller amounts if you wish.
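
An added illustration, not part of the original message and not FreeBSD's code: a small model of round-robin striping across 32 pools, showing why 256*32 bits is the amount that guarantees 256 bits in pool[0]. It assumes fixed-size, full-entropy events and an unknown starting pool; the function names and the 32-bit event size are hypothetical.

```c
/* Added example: model of Fortuna-style round-robin striping across 32 pools.
 * Assumptions (not from the message): each write is split into fixed-size
 * events, each event carries full entropy, and events go to pools in strict
 * round-robin order starting at an unknown pool index. */
#include <stdio.h>

#define NPOOLS    32   /* number of pools, as stated in the message */
#define SEED_BITS 256  /* entropy wanted in pool[0] */

/* Bits credited to pool[0] after writing total_bits as event_bits-sized
 * events, when the first event lands in pool `start`. */
unsigned pool0_bits(unsigned total_bits, unsigned event_bits, unsigned start)
{
    unsigned pools[NPOOLS] = {0};
    unsigned next = start % NPOOLS;
    for (unsigned written = 0; written + event_bits <= total_bits;
         written += event_bits) {
        pools[next] += event_bits;
        next = (next + 1) % NPOOLS;
    }
    return pools[0];
}

/* Smallest write (a multiple of event_bits) that leaves pool[0] with at
 * least SEED_BITS for every possible starting pool. */
unsigned bits_to_guarantee(unsigned event_bits)
{
    for (unsigned total = event_bits; ; total += event_bits) {
        unsigned worst = SEED_BITS;
        for (unsigned start = 0; start < NPOOLS; start++) {
            unsigned got = pool0_bits(total, event_bits, start);
            if (got < worst)
                worst = got;
        }
        if (worst >= SEED_BITS)
            return total;
    }
}

int main(void)
{
    /* Writing only 256 bits can leave pool[0] with nothing at all. */
    printf("256 bits written, first event in pool 1: pool[0] has %u bits\n",
           pool0_bits(256, 32, 1));
    printf("bits needed to guarantee 256 in pool[0]: %u\n",
           bits_to_guarantee(32));
    return 0;
}
```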
