From owner-freebsd-security@FreeBSD.ORG Mon Mar 7 16:10:12 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0CAE316A4CE; Mon, 7 Mar 2005 16:10:12 +0000 (GMT) Received: from storm.uk.FreeBSD.org (storm.uk.FreeBSD.org [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6994C43D2F; Mon, 7 Mar 2005 16:10:11 +0000 (GMT) (envelope-from mark@grondar.org) Received: from storm.uk.FreeBSD.org (uucp@localhost [127.0.0.1]) by storm.uk.FreeBSD.org (8.13.1/8.13.1) with ESMTP id j27GA9Hl056715; Mon, 7 Mar 2005 16:10:09 GMT (envelope-from mark@grondar.org) Received: (from uucp@localhost)j27GA9CU056714; Mon, 7 Mar 2005 16:10:09 GMT (envelope-from mark@grondar.org) Received: from grondar.org (localhost [127.0.0.1]) by grovel.grondar.org (8.13.3/8.13.1) with ESMTP id j27G9mR1032489; Mon, 7 Mar 2005 16:09:48 GMT (envelope-from mark@grondar.org) Message-Id: <200503071609.j27G9mR1032489@grovel.grondar.org> To: Pawel Jakub Dawidek From: Mark Murray In-Reply-To: Your message of "Mon, 07 Mar 2005 14:03:30 +0100." <20050307130330.GX9291@darkness.comp.waw.pl> Date: Mon, 07 Mar 2005 16:09:48 +0000 Sender: mark@grondar.org cc: freebsd-security@FreeBSD.ORG cc: markm@FreeBSD.ORG Subject: Re: New entropy source proposal. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Mar 2005 16:10:12 -0000 Pawel Jakub Dawidek writes: > The program is very simple, it should be run with two arguments: > > % sndtest /dev/dspW 1048576 > rand.data > > This command will generate 1MB of random data. Er, not very random. > With my sound card: > > pcm0: port 0xe100-0xe13f,0xe000-0xe0ff irq 11 at dev= > ice 31.5 on pci0 > pcm0: [GIANT-LOCKED] > pcm0: Did you have a noise source connected? I generated 1MB of data and it was not very random at all. "hexdump -C data" showed the data was very poor indeed. > It produce very good entropy. I tried those tests to prove its quality: > - FIPS 140-2 tests > - 'ent' tests: http://www.fourmilab.ch/random/ > - Famous 'diehard' tests > > The full output from diehard tests is here: > > http://people.freebsd.org/~pjd/misc/sndrand_diehard.txt > > The idea of using sound card as entropy source was taken from RFC 1750. That RFC mentions connecting the sound card to a noise source. > If people like the idea and someone more skilled than me in this subject > can review this stuff, we can start to put it into kernel > "random infrastructure". It could also be implemented as userland daemon > which writes collected entropy to /dev/random maybe... I like the idea, but we need a bit more hardware assistance, I think. M -- Mark Murray iumop ap!sdn w,I idlaH