Date: Tue, 06 Jun 2000 10:14:23 +0200 From: Mark Murray <mark@grimreaper.grondar.za> To: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> Cc: Mark Murray <mark@grondar.za>, arch@FreeBSD.org, phk@FreeBSD.org Subject: Re: (2nd iteration) New /dev/(random|null|zero) - review, please Message-ID: <200006060814.KAA21235@gratis.grondar.za> In-Reply-To: <393BEE84.BBAD3E82@vangelderen.org> ; from "Jeroen C. van Gelderen" <jeroen@vangelderen.org> "Mon, 05 Jun 2000 14:16:36 -0400." References: <393BEE84.BBAD3E82@vangelderen.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I have finished doing a MI /dev/null and /dev/zero, and I have got a > > new /dev/random. I'm looking for reviewers. > > I've already submitted a MI /dev/[null|zero] for commit to PHK. He > said he would commit them after testing. It's the same driver you > have already seen at http://jeroen.vangelderen.org/FreeBSD . I stole lots of ideas from you :-); I think mine is faster... > > o The random number generator will give random-looking output, but does > > absolutely no harvesting of entropy at the moment. Because I want > > it to be a loadable module, I need some way of registering the entropy > > harvesting routines. Something like weak-symboled routines that are > > overridden when the module is loaded would be ideal. Suggestions? > > Split-level. Entropy sources should export an entropy device. Yarrow > should bind to all available entropy devices and use those. This would > allow for > - entropy devices in KLDs. > - dynamic addition/removal of entropy sources (USB). > - separation of RNG policy (Yarrow) from entropy gathering. > - dynamic IRQs not affecting RNG security. Makes sense, but I need an actual mechanism for achiving this. BDE suggested the module event handler; I need to investigate. > > o The RNG is slow; the others are much faster than their originals. > > Can be tweaked. Use a 256-bit cipher like Rijndael and build a hash > out of it. Would improve security too as the entropy pool would hold > 256 bits. You can also pre-generate a few KB of random bits. Hmmm.... Sounds good! Got a Rijndael reference? M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006060814.KAA21235>