From owner-cvs-src@FreeBSD.ORG Sat Apr 10 15:10:31 2004
Return-Path:
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E08EB16A4CE; Sat, 10 Apr 2004 15:10:31 -0700 (PDT)
Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id C102543D2F; Sat, 10 Apr 2004 15:10:26 -0700 (PDT) (envelope-from mark@grondar.org)
Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) i3AMA4kX068981; Sat, 10 Apr 2004 23:10:04 +0100 (BST) (envelope-from mark@grondar.org)
Received: (from Ugrondar@localhost) i3AMA34n068980; Sat, 10 Apr 2004 23:10:03 +0100 (BST) (envelope-from mark@grondar.org)
X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f
Received: from grondar.org (localhost [127.0.0.1]) i3AM8HIn071704; Sat, 10 Apr 2004 23:08:17 +0100 (BST) (envelope-from mark@grondar.org)
From: Mark Murray
Message-Id: <200404102208.i3AM8HIn071704@grimreaper.grondar.org>
To: Sam Leffler
In-Reply-To: Your message of "Sat, 10 Apr 2004 13:58:36 PDT."
Date: Sat, 10 Apr 2004 23:08:17 +0100
Sender: mark@grondar.org
X-Spam-Score: 4 (****) FROM_NO_LOWER,MSGID_FROM_MTA_SHORT
X-Scanned-By: MIMEDefang 2.39
cc: Bruce M Simpson
cc: src-committers@FreeBSD.org
cc: Nate Lawson
cc: cvs-all@FreeBSD.org
cc: cvs-src@FreeBSD.org
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 10 Apr 2004 22:10:32 -0000

Sam Leffler writes:
> On Apr 10, 2004, at 1:54 AM, Mark Murray wrote:
> > If it is felt that further whitening of the VIA C3 RNG is needed,
> > then I believe that Yarrow would be overkill, and that a much
> > smaller hash function will be sufficient.
>
> Unless I misread the paper it seemed very clear in stating that you
> need to post-process the h/w RNG. I run all my h/w entropy sources
> through the rndtest module (FIPS-140 testing) and frequently see that
> h/w entropy sources are not to be trusted (note that rndtest samples
> the entropy and that the FIPS test suite is far less stringent than
> the testing done in the papers).

I'll look at putting a low-overhead entropy-pool-stirrer after the C3 RNG.

> I have not had time to review Mark's changes but I agree with Nate
> that h/w entropy sources should not be trusted and some form of
> post-processing must be done. Whether this is Yarrow or something
> else is unclear but the papers cited did a thorough analysis while all
> I've seen from Mark are statements that he believes these sources are
> good. When it comes to stuff like this I believe strongly in taking a
> conservative approach.

Actually, the paper that Nate pointed at said that each bit of entropy that the C3 RNG supplied delivered between 2/3 and nearly 1 bit of "good" randomness. If the on-chip whitener was on, then "0.99 bits per bit supplied" (my paraphrase) was given.

Still, opinion seems to be in favour of further postprocessing, so I'll do it.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
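The message above turns on two things: whether a hardware RNG's raw output can be trusted, and what the FIPS-140 tests that rndtest applies actually check. The Python below is an added example, not code from this thread, from FreeBSD's rndtest module, or from the random(4) driver being discussed. It implements the four FIPS 140-1 statistical tests on a 20,000-bit sample and a small hash-based post-processor of the kind Mark proposes as an alternative to Yarrow. The biased bit source is constructed here as a stand-in for a flawed hardware generator; the 2:1 compression ratio in `condition()` is an assumption that the source supplies at least half a bit of entropy per output bit, chosen to stay below the "between 2/3 and nearly 1 bit per bit" figure quoted from the paper.

```python
import hashlib
import random

# FIPS 140-1 statistical tests work on a 20,000-bit sample.
SAMPLE_BITS = 20000
SAMPLE_BYTES = SAMPLE_BITS // 8  # 2500

# Acceptance intervals from FIPS 140-1 section 4.11.1.
MONOBIT_BOUNDS = (9725, 10275)
POKER_BOUNDS = (2.16, 46.17)
RUNS_BOUNDS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
               4: (223, 402), 5: (90, 223), 6: (90, 223)}  # 6 means "6 or longer"
LONG_RUN_LIMIT = 34


def bits_of(sample):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in sample:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def monobit_test(sample):
    """Number of 1 bits must be close to half the sample."""
    lo, hi = MONOBIT_BOUNDS
    return lo < sum(bits_of(sample)) < hi


def poker_test(sample):
    """Chi-square style statistic over the 5000 4-bit nibbles of the sample."""
    counts = [0] * 16
    for byte in sample:
        counts[byte >> 4] += 1
        counts[byte & 0x0F] += 1
    n = 5000
    x = (16.0 / n) * sum(c * c for c in counts) - n
    lo, hi = POKER_BOUNDS
    return lo < x < hi


def run_lengths(sample):
    """Return (bit_value, run_length) pairs for every maximal run in the sample."""
    runs = []
    prev, length = None, 0
    for bit in bits_of(sample):
        if bit == prev:
            length += 1
        else:
            if prev is not None:
                runs.append((prev, length))
            prev, length = bit, 1
    runs.append((prev, length))
    return runs


def runs_test(sample):
    """Runs of length 1..5 and 6+, counted separately for 0s and 1s, must be in bounds."""
    counts = {(bit, n): 0 for bit in (0, 1) for n in range(1, 7)}
    for bit, length in run_lengths(sample):
        counts[(bit, min(length, 6))] += 1
    return all(RUNS_BOUNDS[n][0] <= counts[(bit, n)] <= RUNS_BOUNDS[n][1]
               for bit in (0, 1) for n in range(1, 7))


def long_run_test(sample):
    """No run of identical bits may reach 34."""
    return max(length for _, length in run_lengths(sample)) < LONG_RUN_LIMIT


def fips_140_1(sample):
    """Run all four tests on exactly one 20,000-bit sample; returns a dict of pass flags."""
    if len(sample) != SAMPLE_BYTES:
        raise ValueError("FIPS 140-1 tests need exactly %d bytes" % SAMPLE_BYTES)
    return {"monobit": monobit_test(sample), "poker": poker_test(sample),
            "runs": runs_test(sample), "long_run": long_run_test(sample)}


def biased_source(nbytes, p_one=0.6, seed=1):
    """Constructed stand-in for a flawed hardware RNG: bits are independent but
    P(bit = 1) = p_one instead of 0.5, so each bit carries less than 1 bit of entropy."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        out.append(byte)
    return bytes(out)


def condition(raw, in_block=64, out_len=32):
    """Hash-based post-processing: each 64-byte raw block is compressed to 32 bytes
    of SHA-256 output. The 2:1 ratio assumes at least half a bit of entropy per raw
    bit, so the output never claims more entropy than the source supplied."""
    out = bytearray()
    for i in range(0, len(raw) - in_block + 1, in_block):
        out += hashlib.sha256(raw[i:i + in_block]).digest()[:out_len]
    return bytes(out)


def demo():
    """Test the raw biased source and its conditioned output side by side."""
    raw = biased_source(2 * SAMPLE_BYTES + 64)  # enough blocks for one full output sample
    return fips_140_1(raw[:SAMPLE_BYTES]), fips_140_1(condition(raw)[:SAMPLE_BYTES])


if __name__ == "__main__":
    before, after = demo()
    print("raw source:  ", before)
    print("conditioned: ", after)
```

The point Sam makes about rndtest sampling the entropy is visible here: the raw 60/40 source fails the monobit test outright, but the same bytes pushed through SHA-256 pass every test, as would the output of any decent hash fed with anything at all. The statistical tests therefore say something only when applied to the raw source; once a conditioner is in the path, they cannot tell a sound generator from a broken one, which is why the two steps are kept separate.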