From owner-freebsd-questions@FreeBSD.ORG Thu Sep 13 21:02:51 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 81ED716A41A for ; Thu, 13 Sep 2007 21:02:51 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) by mx1.freebsd.org (Postfix) with ESMTP id 5907E13C46B for ; Thu, 13 Sep 2007 21:02:51 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from relay11.apple.com (relay11.apple.com [17.128.113.48]) by mail-out4.apple.com (Postfix) with ESMTP id 33860119688B; Thu, 13 Sep 2007 14:02:51 -0700 (PDT) Received: from relay11.apple.com (unknown [127.0.0.1]) by relay11.apple.com (Symantec Mail Security) with ESMTP id 17D2D28058; Thu, 13 Sep 2007 14:02:51 -0700 (PDT) X-AuditID: 11807130-a8febbb000006fcc-ad-46e9a57a8e46 Received: from [17.214.13.96] (cswiger1.apple.com [17.214.13.96]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by relay11.apple.com (Apple SCV relay) with ESMTP id EE4752802B; Thu, 13 Sep 2007 14:02:50 -0700 (PDT) In-Reply-To: <46E9A455.4090703@intersonic.se> References: <46E94F9A.6050707@intersonic.se> <20070913153630.GA9448@slackbox.xs4all.nl> <20070913173155.0bad12b2@gumby.homeunix.com> <20070913174537.GA11683@slackbox.xs4all.nl> <46E9A455.4090703@intersonic.se> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <7C29870C-0AF0-41FC-98C6-C79FDC438474@mac.com> Content-Transfer-Encoding: 7bit From: Chuck Swiger Date: Thu, 13 Sep 2007 14:02:50 -0700 To: Per olof Ljungmark X-Mailer: Apple Mail (2.752.2) X-Brightmail-Tracker: AAAAAA== Cc: freebsd-questions@freebsd.org Subject: Re: /dev/random question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2007 21:02:51 -0000 On Sep 13, 2007, at 1:57 PM, Per olof Ljungmark wrote: >> On the website it says that the original yarrow algorithm is no >> longer >> supported. It seems to have been replaced by the fortuna algorithm. >> I can't see from the source if /usr/src/sys/dev/random/yarrow.* >> use the >> original yarrow algorithm, or the improved yarrow-160 aka fortuna. >> The use of >> crypto/rijndael/rijndael-api-fst.h and crypto/sha2/sha2.h seem to >> indicate the latter though. > > Should I conclude then that randomness is sufficient and > performance is a non-issue? The randomness is considered to be strong, but you can perform the NIST FIPS-140 tests against /dev/random and decide for yourself. As for performance, I get about 12MB/s out of /dev/random on a ~1 GHz CPU, which seems to be quite decent... -- -Chuck