From: Peter Jeremy
To: Ben Laurie
Cc: freebsd-arch@freebsd.org
Date: Tue, 21 Aug 2012 08:55:04 +1000
Subject: Re: /dev/random
Message-ID: <20120820225504.GA78528@server.rulingia.com>
References: <20120820220243.GA96700@troutmask.apl.washington.edu>
On 2012-Aug-20 23:05:39 +0100, Ben Laurie wrote:
>> Well, it's hard to comment when you failed to explain
>> *why* you think it is a mistake.
>
>Sorry - because I do not think it is wise to trust the h/w prng so
>much we discard other entropy.

This depends on the relative predictability of Yarrow vs the hardware
RNG.  FreeBSD random(4) currently only supports one hardware RNG - the
one in the VIA Nehemiah.  VIA have published an independent evaluation
of their RNG which suggests it is a good source of entropy.
Additionally, the RNG is not used in a raw form; instead a Davies-Meyer
hash is performed using AES-128 CBC with random key, IV and data to
further whiten the output.  I am not sure whether anyone has done any
comparison of the relative randomness of these approaches.

>That is everything except the hardware, right? So ... all other sources.

The FreeBSD random(4) device implementation currently allows only one
RNG to be active at a time, though it should be possible to create a
kernel thread that regularly adds entropy from a hardware RNG to the
Yarrow state.

>It is relevant because it seems there is entropy available in
>fine-grained timing.

Part of the entropy harvested at each of the sampling points is the CPU
cycle counter (e.g. TSC).  It's difficult to see what finer-grained
timing you expect to be used.

-- 
Peter Jeremy
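As an added illustration of the whitening step Peter describes (example code written for this archive page, not the FreeBSD kernel's random(4) code and not from the thread), the Go program below models the Davies-Meyer feed-forward over AES-128-CBC with a raw key, IV and data block taken from the RNG stream, and runs it over a constructed, deliberately biased source. The 48-bytes-in/16-bytes-out layout, the LCG stand-in for a poor hardware RNG and the ones-fraction bias check are assumptions of the example.

```go
package main

import "crypto/aes"
import "crypto/cipher"
import "fmt"
import "math/bits"

// Whiten models the conditioning step described in the thread: each 48 raw
// bytes supply a key, an IV and one data block; the data block is encrypted
// with AES-128-CBC, then ciphertext XOR plaintext (Davies-Meyer). Not kernel code.
func Whiten(raw []byte) []byte {
	var out []byte
	for i := 0; i+48 <= len(raw); i += 48 {
		block, err := aes.NewCipher(raw[i:i+16]) // a 16-byte key selects AES-128
		if err != nil {
			panic(err)
		}
		ct := make([]byte, aes.BlockSize)
		cipher.NewCBCEncrypter(block, raw[i+16:i+32]).CryptBlocks(ct, raw[i+32:i+48])
		for j := range ct {
			ct[j] ^= raw[i+32+j] // feed-forward: the output is a one-way function of the input
		}
		out = append(out, ct...)
	}
	return out
}

// OnesFraction is a crude bias check: the fraction of 1 bits in buf.
func OnesFraction(buf []byte) float64 {
	ones := 0
	for _, b := range buf {
		ones += bits.OnesCount8(b)
	}
	return float64(ones) / float64(8*len(buf))
}

// BiasedRaw is a constructed poor RNG (assumed for this example): an LCG whose output byte is always 0..15.
func BiasedRaw(n int) []byte {
	x, b := uint32(1), make([]byte, n)
	for i := range b {
		x = x*1664525 + 1013904223 // Numerical Recipes LCG, full 2^32 period
		b[i] = byte(x >> 28)       // top nibble only: the high nibble of the byte is always 0
	}
	return b
}

func main() {
	raw := BiasedRaw(12288) // 12288 raw bytes condition down to 4096 whitened bytes
	fmt.Printf("ones fraction: raw %.3f, whitened %.3f\n", OnesFraction(raw), OnesFraction(Whiten(raw)))
}
```

Feed Whiten an all-zero buffer and every output block comes out identical: whitening cannot create entropy, so health tests belong on the raw source rather than on the conditioned output.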