Date: Sat, 10 Apr 2004 16:01:01 -0700 (PDT)
From: Nate Lawson
To: Mark Murray
cc: Sam Leffler
cc: src-committers@FreeBSD.org
cc: cvs-src@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: Bruce M Simpson
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar
Message-ID: <20040410155637.Q58852@root.org>
In-Reply-To: <200404102208.i3AM8HIn071704@grimreaper.grondar.org>
References: <200404102208.i3AM8HIn071704@grimreaper.grondar.org>

On Sat, 10 Apr 2004, Mark Murray wrote:
> Sam Leffler writes:
> > On Apr 10, 2004, at 1:54 AM, Mark Murray wrote:
> > > If it is felt that further whitening of the VIA C3 RNG is needed,
> > > then I believe that Yarrow would be overkill, and that a much
> > > smaller hash function will be sufficient.
> >
> > Unless I misread the paper it seemed very clear in stating that you
> > need to post-process the h/w RNG. I run all my h/w entropy sources
> > through the rndtest module (FIPS-140 testing) and frequently see that
> > h/w entropy sources are not to be trusted (note that rndtest samples
> > the entropy and that the FIPS test suite is far less stringent than
> > the testing done in the papers).
>
> I'll look at putting a low-overhead entropy-pool-stirrer after the C3
> RNG.

What problem are you trying to solve? Why must you design another PRNG?
Even if it was fine, it would only be receiving entropy from a single
source and would waste the availability of other sources as well.

> > I have not had time to review Mark's changes but I agree with Nate
> > that h/w entropy sources should not be trusted and some form of
> > post-processing must be done. Whether this is Yarrow or something
> > else is unclear but the papers cited did a thorough analysis while all
> > I've seen from Mark are statements that he believes these sources are
> > good. When it comes to stuff like this I believe strongly in taking a
> > conservative approach.
>
> Actually, the paper that Nate pointed at said that each bit of entropy
> that the C3 RNG supplied delivered between 2/3 and nearly 1 bit of
> "good" randomness. If the on-chip whitener was on, then "0.99 bits per
> bit supplied" (my paraphrase) was given.

That is approximately correct. I think we should use the VIA hardware
source to seed our PRNG. That would be great. I do not think we should
throw away the useful properties of a PRNG that cannot be provided
directly by a hardware source.

> Still, opinion seems to be in favour of further postprocessing, so I'll
> do it.

I haven't looked at the FreeBSD PRNG yet but why not seed Yarrow?

-Nate
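As an added illustration of the FIPS 140 checks Sam describes running hardware entropy through via rndtest (this is my own C, not the rndtest module's code): the four FIPS 140-2 statistical tests over one 20000-bit sample, using the bounds from the standard as first published, applied to two constructed samples of the kind a stuck or oscillating hardware source produces. The function names, the constant-byte samples and the assumption that rndtest uses exactly these bounds are mine.

```c
#include <stdint.h>
#include <string.h>
#define FIPS_NBYTES 2500   /* one 20000-bit sample, the FIPS 140-2 block size */
/* fips140_test() returns 0 when all four tests pass, else a mask of these. */
enum { FAIL_MONOBIT = 1, FAIL_POKER = 2, FAIL_RUNS = 4, FAIL_LONGRUN = 8 };
/* Runs-test bounds for run lengths 1..5 and >=6 (FIPS 140-2 as first published). */
static const int runs_lo[6] = { 2343, 1135, 542, 251, 111, 111 };
static const int runs_hi[6] = { 2657, 1365, 708, 373, 201, 201 };

int fips140_test(const uint8_t buf[FIPS_NBYTES])
{
    int ones = 0, poker[16] = { 0 }, runs[2][6] = { { 0 } };
    int longest = 0, cur = 0, prev = -1, fail = 0;
    double sum = 0.0;
    for (int i = 0; i < FIPS_NBYTES; i++) {
        poker[buf[i] >> 4]++;                  /* tally 4-bit patterns */
        poker[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {         /* walk the bit stream MSB first */
            int bit = (buf[i] >> b) & 1;
            ones += bit;
            if (bit == prev) { cur++; continue; }
            if (prev >= 0) {                   /* a run of `prev` bits just ended */
                runs[prev][cur > 6 ? 5 : cur - 1]++;
                if (cur > longest) longest = cur;
            }
            prev = bit; cur = 1;
        }
    }
    runs[prev][cur > 6 ? 5 : cur - 1]++;       /* close the final run */
    if (cur > longest) longest = cur;
    if (ones <= 9725 || ones >= 10275) fail |= FAIL_MONOBIT;
    for (int i = 0; i < 16; i++) sum += (double)poker[i] * poker[i];
    double x = (16.0 / 5000.0) * sum - 5000.0;  /* chi-square over nibble counts */
    if (x <= 2.16 || x >= 46.17) fail |= FAIL_POKER;
    for (int v = 0; v < 2; v++)
        for (int l = 0; l < 6; l++)
            if (runs[v][l] < runs_lo[l] || runs[v][l] > runs_hi[l]) fail |= FAIL_RUNS;
    if (longest >= 26) fail |= FAIL_LONGRUN;
    return fail;
}

/* Runs one 20000-bit sample made of a single repeated byte through the tests. */
int fips140_constant_source(uint8_t value)
{
    uint8_t buf[FIPS_NBYTES];
    memset(buf, value, sizeof buf);            /* constructed sample, not RNG output */
    return fips140_test(buf);
}
```

A dead source (0x00) trips all four tests, while a 1010... oscillation (0xaa) passes the monobit and long-run checks and is caught only by the poker and runs tests, which is why a bit-balance check alone is not enough.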