From owner-cvs-src@FreeBSD.ORG Mon Apr 12 17:44:35 2004
Message-ID: <407B3801.4090001@mindspring.com>
Date: Mon, 12 Apr 2004 20:44:49 -0400
From: Richard Coleman
Reply-To: richardcoleman@mindspring.com
Organization: Critical Magic, Inc.
To: Nate Lawson
cc: cvs-src@FreeBSD.ORG, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, Mark Murray
References: <200404110746.i3B7kiIn075106@grimreaper.grondar.org> <20040412153153.I70759@root.org>
In-Reply-To: <20040412153153.I70759@root.org>
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar

Nate Lawson wrote:
>> Yarrow's entropy accumulation and PRNG generator parts are disconnected
>> (that is part of its point), so there is no connection between the
>> number of bytes harvested and the number of bytes supplied. This
>> makes a very long armoured pipeline between accumulation and issue,
>> which seems like overkill when the supplied entropy is 99% OK (far
>> better than Yarrow currently ever gets, BTW).
>>
>> [...]
>>
>> Yarrow is unsuitable for this purpose; it is a great generator when
>> you have a low-entropy environment and you need to protect against
>> attackers having potential knowledge of the inputs.
>
> * XSTORE is an unprivileged operation, users can call it all they want.
>
> * If your hardware fails undetectably somehow (101010101...), a
> single-source PRNG also fails. If we seed our existing PRNG which
> accepts multiple sources, it doesn't.
>
> I think Jacques said it best. All I'm asking is that we use a
> well-reviewed PRNG and as many entropy sources as possible, including this
> nice VIA part.
>
> -Nate

I agree with this sentiment. The more crypto hardware that becomes available, the more of it that will be crap.

Now, the obvious question is what post-processing does OpenBSD do to hardware random number generators? I read the semi-recent paper on the crypto framework for OpenBSD (http://www.openbsd.org/papers/ocf.pdf) but it doesn't mention anything about this. Anyone know offhand?

Richard Coleman
richardcoleman@mindspring.com
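The design point argued in the thread above (accumulation kept separate from generation, several sources pooled so that one hardware RNG that silently degrades to 10101010... cannot alone determine the output, and a health check on each source before it is trusted) as an added, self-contained example. This is not FreeBSD's Yarrow code, the VIA driver, or anything from OpenBSD; both entropy sources are constructed stand-ins, the HMAC-SHA256 counter-mode generator is a simplification chosen for illustration, and the repetition-count cutoff of 8 is an assumed value in the style of the SP 800-90B continuous health tests.

```python
"""Added example (not FreeBSD's or OpenBSD's code): pool several entropy
sources so that a single silently failed hardware RNG cannot alone determine
the generator's output, and reject a stuck or alternating source with a
simple repetition-count health test before it reaches the pool.
Both sources below are constructed stand-ins, not real hardware."""
import hashlib
import hmac
from typing import Callable, List

Source = Callable[[int], bytes]


def stuck_source(n: int) -> bytes:
    # Constructed stand-in for a hardware RNG that has failed to a fixed
    # 10101010... bit pattern, i.e. every byte is 0xAA.
    return b"\xaa" * n


def make_counter_source(label: bytes) -> Source:
    # Constructed stand-in for a healthy, unpredictable source. It is
    # deterministic only so the example is reproducible; real code would read
    # interrupt timings, a second hardware RNG, or the kernel's own pool.
    state = {"ctr": 0}

    def src(n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha256(label + state["ctr"].to_bytes(8, "big")).digest()
            state["ctr"] += 1
        return out[:n]

    return src


def repetition_count_test(samples: bytes, cutoff: int = 8) -> bool:
    # Repetition-count health test in the style of SP 800-90B: fail if any
    # byte value repeats `cutoff` or more times in a row. For a source claimed
    # to deliver close to 8 bits per byte, a run of 8 equal bytes is roughly a
    # 2^-56 event, so seeing one means the source is stuck, not unlucky.
    run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def harvest(sources: List[Source], nbytes: int = 64, health_check: bool = True) -> bytes:
    # Accumulation side: every source that passes its health test is hashed
    # into one pool. A failed source contributes nothing, and it cannot
    # overwrite the contribution of a healthy one. health_check=False shows
    # what happens when a bad source is trusted blindly.
    pool = hashlib.sha256()
    accepted = 0
    for src in sources:
        sample = src(nbytes)
        if not health_check or repetition_count_test(sample):
            pool.update(sample)
            accepted += 1
    if accepted == 0:
        raise RuntimeError("no healthy entropy source available; refusing to seed")
    return pool.digest()


def generate(seed: bytes, nbytes: int, counter_start: int = 0) -> bytes:
    # Generation side, deliberately disconnected from accumulation: an
    # HMAC-SHA256 counter-mode PRNG keyed by the pooled seed, so the number of
    # output bytes bears no relation to the number of bytes harvested.
    out = b""
    ctr = counter_start
    while len(out) < nbytes:
        out += hmac.new(seed, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:nbytes]


def output_with(sources: List[Source], nbytes: int = 32, health_check: bool = True) -> bytes:
    # Convenience wrapper: harvest from the given sources, then generate.
    return generate(harvest(sources, health_check=health_check), nbytes)


if __name__ == "__main__":
    good = make_counter_source(b"constructed-good-source")
    print("stuck source passes health test:", repetition_count_test(stuck_source(64)))
    print("output from stuck + good source:", output_with([stuck_source, good]).hex())
```

With the health check on, the stuck source is dropped and seeding from it alone is refused outright; with the check off and the stuck source as the only input, the seed is just SHA-256 of a known constant, so anyone who knows the failure mode can reproduce every output byte. Mixing in one healthy source is enough to break that, which is the multi-source argument in Nate's second bullet.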