From owner-cvs-src@FreeBSD.ORG Sat Apr 10 15:55:41 2004
Date: Sat, 10 Apr 2004 15:55:42 -0700 (PDT)
From: Nate Lawson
To: Mark Murray
cc: richardcoleman@mindspring.com, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-src@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar
Message-ID: <20040410155306.W58852@root.org>
In-Reply-To: <200404101929.i3AJTJ8P070553@grimreaper.grondar.org>

On Sat, 10 Apr 2004, Mark Murray wrote:

> Richard Coleman writes:
> > > If it is felt that further whitening of the VIA C3 RNG is needed,
> > > then I believe that Yarrow would be overkill, and that a much smaller
> > > hash function will be sufficient.
> >
> > What do you have in mind?  AES is already one of the faster ciphers
> > around.  You could reduce the number of rounds used for AES, but it
> > would be hard to estimate the cryptographic strength.
>
> The C3 chip has AES on board, so something like this may do the trick:
>
>     key = C3RNG();
>     seed ^= C3RNG();   /* seed is static */
>     output = encryptAES(key, seed);

How much assurance is gained in designing a new PRNG that duplicates an
existing PRNG already available and is used with only one source of
entropy?

> Cryptographic strength is of lesser importance here, as the key
> input is Very Nicely Random(tm), however AES's speed and spectral
> qualities make it a good choice.  It is important to remember that
> the hash is purely there to destroy any trends/tendencies that the
> hardware generator may have, and for that purpose an LFSR may work
> just fine.  The hash is a "Whitener", and its requirements here are
> that its output spectrum is flat.

An LFSR is not a cryptographic hash function.  Do not use one to
implement a PRNG.

-Nate
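The following is an added illustration of the point made in the reply above, not code from the thread or from the FreeBSD tree: an LFSR "whitener" is a linear (affine) map over GF(2), so its output stays an invertible function of the raw hardware bits, whereas a cryptographic hash breaks that relation. The 16-bit Galois LFSR, its tap mask and the sample "hardware" bytes are constructed for the demonstration.

```python
"""Why an LFSR is not a cryptographic whitener: a Galois LFSR fed with
hardware-RNG bytes is affine over GF(2), so f(a ^ b) == f(a) ^ f(b) ^ f(0)
for every pair of inputs a, b.  A hash-based whitener does not satisfy this.
All parameters below are constructed for illustration (assumption)."""
import hashlib

MASK16 = 0xFFFF
TAPS = 0xB400          # assumed 16-bit Galois LFSR tap mask (x^16+x^14+x^13+x^11+1)
INITIAL_STATE = 0xACE1 # assumed public, fixed starting state


def lfsr_step(state: int) -> int:
    """One clock of the Galois LFSR: shift right, XOR taps in if the LSB was 1."""
    lsb = state & 1
    state = (state >> 1) & MASK16
    return state ^ TAPS if lsb else state


def lfsr_whiten(raw: bytes, state: int = INITIAL_STATE) -> bytes:
    """XOR each raw byte into the state, clock 8 times, emit the low byte.
    Every operation is XOR/shift, so the whole map is affine in the raw bits."""
    out = bytearray()
    for b in raw:
        state ^= b
        for _ in range(8):
            state = lfsr_step(state)
        out.append(state & 0xFF)
    return bytes(out)


def hash_whiten(raw: bytes) -> bytes:
    """A cryptographic whitener: output is a one-way, non-linear function of raw."""
    return hashlib.sha256(raw).digest()[: len(raw)]


def is_affine(whiten, a: bytes, b: bytes) -> bool:
    """Test the GF(2) affinity relation f(a^b) == f(a) ^ f(b) ^ f(0).
    True for an LFSR whitener; false (except by 2^-8n chance) for a hash."""
    zero = bytes(len(a))
    ab = bytes(x ^ y for x, y in zip(a, b))
    rhs = bytes(x ^ y ^ z for x, y, z in zip(whiten(a), whiten(b), whiten(zero)))
    return whiten(ab) == rhs


if __name__ == "__main__":
    # Constructed "hardware RNG" samples; the second is a slightly biased one.
    raw_a = bytes([0x00, 0x01, 0x02, 0x03, 0xFE, 0x10, 0x7F, 0x80])
    raw_b = bytes([0xFF, 0x10, 0x20, 0x30, 0x01, 0x01, 0x01, 0x01])
    print("LFSR whitener affine over GF(2):", is_affine(lfsr_whiten, raw_a, raw_b))
    print("SHA-256 whitener affine over GF(2):", is_affine(hash_whiten, raw_a, raw_b))
```

Because the LFSR relation holds for every input pair, an observer who knows the public state and a few outputs can set up a linear system over GF(2) and recover the raw hardware bytes; the flat output spectrum Mark describes says nothing about that.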