Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 11 Jul 2018 07:58:35 -0600
From:      Ian Lepore <ian@freebsd.org>
To:        Dirk-Willem van Gulik <dirkx@webweaving.org>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject:   Re: Limits to seeding /dev/random | random(4)
Message-ID:  <1531317515.66719.20.camel@freebsd.org>
In-Reply-To: <3A988D26-7B08-4301-8176-B0ED8A559420@webweaving.org>
References:  <3A988D26-7B08-4301-8176-B0ED8A559420@webweaving.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 2018-07-11 at 14:03 +0200, Dirk-Willem van Gulik wrote:
> When feeding /dev/random from hardware USB devices like Bill
> Woodcock’s design in PCB incarnation:
> 
> 	https://13-37.org/de/shop/infinite-noise-trng/
> 
> Are there any caveats with regard to volume or speed of doing so ? Or
> is it always a plus ? 
> 
> Actual code at https://github.com/dirkx/infnoise/blob/master/software
> /libinfnoise.c line 122:
> 
> 	if ((devRandomFD = open("/dev/random",O_WRONLY)) <0)
> 		.. error handling
> 
> 	if (write(devRandomFD, bytes, length) != length) 
> 		.. error handling
> 
> And is there any case where length would not return the length
> written — it seems that the driver traps/ignores EINT, EAGAIN and
> short writes ? 
> 
> Or should one check the entropy available in /dev/random (how?) and
> hold off feeding it until it is low enough (this is what the
> infinite-trng seems to do on linux).
> 
> With kind regards,
> 
> Dw

There is no way to check the entropy available in /dev/random because
the whole concept doesn't apply. Entropy isn't a limited resource that
can be exhausted after the prng is seeded at boot time.

When asking our prng gurus for advice on writing a device driver for an
on-chip entropy source, the advice I got was basically: there's no need
to feed in more entropy on an ongoing basis, but no harm in doing so
either, within reason. The recommendation was to feed at or below an
average rate of about 128 bits/second. Pushing in more isn't harmful,
just wasteful of system resources because it doesn't make anything
better.

-- Ian

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1531317515.66719.20.camel>