From: Pawel Jakub Dawidek
To: freebsd-security@freebsd.org
Date: Mon, 7 Mar 2005 14:03:30 +0100
Subject: New entropy source proposal.
Message-ID: <20050307130330.GX9291@darkness.comp.waw.pl>

Hi.

I've been playing a bit with the "use sound card as an entropy source" idea.
This simple program does what I wanted:

    http://people.freebsd.org/~pjd/misc/sndrand.tbz

The program is very simple, it should be run with two arguments:

    % sndtest /dev/dspW 1048576 > rand.data

This command will generate 1MB of random data.
With my sound card:

    pcm0: port 0xe100-0xe13f,0xe000-0xe0ff irq 11 at device 31.5 on pci0
    pcm0: [GIANT-LOCKED]
    pcm0:

It produces very good entropy.
I tried those tests to prove its quality:

- FIPS 140-2 tests
- 'ent' tests: http://www.fourmilab.ch/random/
- Famous 'diehard' tests

The full output from diehard tests is here:

    http://people.freebsd.org/~pjd/misc/sndrand_diehard.txt

The idea of using a sound card as an entropy source was taken from RFC 1750.

If people like the idea and someone more skilled than me in this subject
can review this stuff, we can start to put it into the kernel "random
infrastructure".

It could also be implemented as a userland daemon which writes collected
entropy to /dev/random maybe...

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
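
Two of the FIPS 140-2 checks named in the message above, the monobit and poker tests on one 20,000-bit block, as an added example that is not part of the original post and not taken from sndrand. The function names are hypothetical, both sample buffers are constructed, and the pass bounds are the FIPS 140-2 Change Notice 1 values; the runs and long-run tests are left out.

```c
/* Added example: FIPS 140-2 monobit and poker tests on one 20,000-bit block. */
#include <stdio.h>

#define FIPS_BYTES 2500                 /* 20,000 bits per tested block */

/* Monobit: number of 1 bits in the block; pass if 9725 < n < 10275. */
int fips_monobit(const unsigned char *buf)
{
    int ones = 0;
    for (int i = 0; i < FIPS_BYTES; i++)
        for (unsigned char b = buf[i]; b != 0; b >>= 1)
            ones += b & 1;
    return ones;
}

/* Poker: X = (16/5000) * sum(f[v]^2) - 5000 over the 5000 nibbles;
 * pass if 2.16 < X < 46.17. */
double fips_poker(const unsigned char *buf)
{
    long f[16] = {0}, sum = 0;
    for (int i = 0; i < FIPS_BYTES; i++) {
        f[buf[i] >> 4]++;               /* high nibble */
        f[buf[i] & 0x0f]++;             /* low nibble */
    }
    for (int v = 0; v < 16; v++)
        sum += f[v] * f[v];
    return 16.0 * (double)sum / 5000.0 - 5000.0;
}

/* 1 if the block passes both tests, 0 otherwise. */
int fips_block_ok(const unsigned char *buf)
{
    int ones = fips_monobit(buf);
    double x = fips_poker(buf);
    return ones > 9725 && ones < 10275 && x > 2.16 && x < 46.17;
}

/* Constructed sample input: a byte counter 0x00, 0x01, ... (fully predictable). */
void fill_counter(unsigned char *buf)
{
    for (int i = 0; i < FIPS_BYTES; i++)
        buf[i] = (unsigned char)i;
}

int main(void)
{
    unsigned char buf[FIPS_BYTES] = {0};    /* constructed: device stuck at zero */
    printf("zeros:   ones=%d X=%.3f ok=%d\n", fips_monobit(buf), fips_poker(buf), fips_block_ok(buf));
    fill_counter(buf);
    printf("counter: ones=%d X=%.3f ok=%d\n", fips_monobit(buf), fips_poker(buf), fips_block_ok(buf));
    return 0;
}
```

The stuck-at-zero block fails both tests, while the byte counter passes both even though every byte is predictable. These checks catch a broken or silent capture device; they do not show that the output is unpredictable.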