Date: Sat, 10 Apr 2004 13:58:36 -0700
From: Sam Leffler <sam@errno.com>
To: Mark Murray <mark@grondar.org>
Cc: cvs-src@FreeBSD.org
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar
Message-ID: <D5A255CF-8B31-11D8-872E-000A95AD0668@errno.com>
In-Reply-To: <200404100854.i3A8sa0w066414@grimreaper.grondar.org>
References: <200404100854.i3A8sa0w066414@grimreaper.grondar.org>
On Apr 10, 2004, at 1:54 AM, Mark Murray wrote:
> Bruce M Simpson writes:
>>>> http://www.cryptography.com/resources/whitepapers/index.html
>>>
>>> Actually, I have. I read it again, now, to be sure. Nothing it says
>>> suggests that what I did here is a "huge mistake". Nearest I get is
>>> the suggestion that the output from the on-chip RNG is used as a
>>> source for a hash function (like Yarrow). I feel that is overkill,
>>> and that the output of the on-chip RNG is sufficient.
>>
>> I'm inclined to trust your judgement here on this, Mark, but Nate does
>> have a valid point; we need to be sure that the entropy sources are of
>> sufficiently high quality or we risk compromising the system.
>>
>> If you could cite some independent tests for the VIA C3 on-chip RNG
>> that would be very helpful to all.
>
> How about Nate's paper? It gives the VIA C3 a very high assessment WRT
> the quality of the entropy delivered.
>
> If it is felt that further whitening of the VIA C3 RNG is needed,
> then I believe that Yarrow would be overkill, and that a much smaller
> hash function will be sufficient.

Unless I misread the paper it seemed very clear in stating that you need
to post-process the h/w RNG. I run all my h/w entropy sources through
the rndtest module (FIPS-140 testing) and frequently see that h/w entropy
sources are not to be trusted (note that rndtest samples the entropy and
that the FIPS test suite is far less stringent than the testing done in
the papers).

I have not had time to review Mark's changes but I agree with Nate that
h/w entropy sources should not be trusted and some form of post-processing
must be done. Whether this is Yarrow or something else is unclear but the
papers cited did a thorough analysis while all I've seen from Mark are
statements that he believes these sources are good. When it comes to
stuff like this I believe strongly in taking a conservative approach.

Sam
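As an added illustration of the kind of FIPS-140 statistical checks that a module like rndtest applies to a hardware source, and of why hash post-processing conditions output but cannot create entropy a stuck source lacks. This is example code added to the archive page, not FreeBSD's rndtest nor anything posted in the thread; the thresholds are those of FIPS 140-1, and both sample streams are constructed rather than real RNG output.

```python
import hashlib

BLOCK_BITS = 20000          # FIPS 140-1 statistical tests use 20,000-bit samples
BLOCK_BYTES = BLOCK_BITS // 8

def bits_of(data: bytes) -> list:
    """Expand the first 2,500 bytes of data into a list of 20,000 bits, MSB first."""
    if len(data) < BLOCK_BYTES:
        raise ValueError("need at least 2,500 bytes for one FIPS 140-1 sample")
    return [(b >> i) & 1 for b in data[:BLOCK_BYTES] for i in range(7, -1, -1)]

def fips140_tests(data: bytes) -> dict:
    """Run the four FIPS 140-1 tests on one sample; each entry is True when it passes."""
    bits = bits_of(data)
    # Monobit: the number of ones must satisfy 9654 < X < 10346.
    monobit = 9654 < sum(bits) < 10346
    # Poker: frequency of each of the 16 nibble values across the 5,000 nibbles.
    f = [0] * 16
    for i in range(0, BLOCK_BITS, 4):
        f[bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]] += 1
    poker = 1.03 < (16 / 5000) * sum(c * c for c in f) - 5000 < 57.4
    # Runs: count maximal runs of 0s and 1s by length (bucket 6 means "6 or more").
    # Long run: any single run of 34 or more bits fails the sample.
    runs = {0: [0] * 7, 1: [0] * 7}
    longest, cur, length = 0, bits[0], 0
    for b in bits + [None]:             # the sentinel flushes the final run
        if b == cur:
            length += 1
            continue
        runs[cur][min(length, 6)] += 1
        longest = max(longest, length)
        cur, length = b, 1
    bounds = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
              4: (223, 402), 5: (90, 223), 6: (90, 223)}
    runs_ok = all(lo <= runs[v][k] <= hi for v in (0, 1) for k, (lo, hi) in bounds.items())
    return {"monobit": monobit, "poker": poker, "runs": runs_ok, "longrun": longest < 34}

def whiten(raw: bytes) -> bytes:
    """Hash-based post-processing: every 64 raw bytes become 32 output bytes.
    This only conditions the output; it cannot add entropy the source never had."""
    return b"".join(hashlib.sha256(raw[i:i + 64]).digest()
                    for i in range(0, len(raw) - 63, 64))

# Constructed samples (not real hardware output): a SHA-256 counter stream stands in
# for a healthy source, and a stuck 10101010 pattern for a failed on-chip RNG.
GOOD = b"".join(hashlib.sha256(b"sample-%d" % i).digest() for i in range(79))[:BLOCK_BYTES]
STUCK = bytes([0xAA]) * BLOCK_BYTES
```

The stuck pattern passes monobit (exactly half its bits are ones) but fails poker and runs, and hashing it simply yields the same digest over and over, which is why a statistical check on the raw source matters before any whitening.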