From: Ben Laurie <benlaurie@gmail.com>
To: Steve Kargl
Cc: Doug Barton, freebsd-arch@freebsd.org
Date: Tue, 21 Aug 2012 09:25:37 +0100
Subject: Re: /dev/random
List-Id: Discussion related to FreeBSD architecture (freebsd-arch@freebsd.org)
On Tue, Aug 21, 2012 at 8:39 AM, Steve Kargl wrote:
> On Tue, Aug 21, 2012 at 12:10:36AM -0700, Doug Barton wrote:
>> On 08/20/2012 15:55, Peter Jeremy wrote:
>> > On 2012-Aug-20 23:05:39 +0100, Ben Laurie wrote:
>> >>> Well, it's hard to comment when you failed to explain
>> >>> *why* you think it is a mistake.
>> >>
>> >> Sorry - because I do not think it is wise to trust the h/w prng so
>> >> much we discard other entropy.
>> >
>> > This depends on the relative predictability of Yarrow vs the hardware
>> > RNG.
>>
>> Throughout this thread people have been mixing up entropy sources, and
>> hardware and software PRNGs. A PRNG has (at least) 2 components, the
>> entropy source(s), and the software that turns the entropy into a stream
>> of pseudo-random output.
>>
>> You can't directly compare "yarrow" vs. Padlock without comparing both
>> elements.
>
> Well, only one person seems confused, but OP seems to
> remain adamant in being terse in his questions. Yes,
> it seems OP has conflated PRNG and entropy, but again
> he seems to not want to explain his point of view.

Entropy is a poorly defined word, and PRNGs have some (we hope).

So, as someone else already explained, there's a hardware entropy source
in the VIA Nehemiah. I don't think it really matters whether this is
"raw" entropy or a PRNG, what matters is that it seems like a bad idea
to trust it so much that we don't use other entropy sources in
conjunction with it.

As for how it should be fixed, my view is that it should be used as an
entropy source for yarrow, but I'm not against Doug's 3 options.

>> > FreeBSD random(4) currently only supports one hardware RNG - the
>> > one in the VIA Nehemiah. VIA have published an independent evaluation
>> > of their RNG which suggests it is a good source of entropy.
>>
>> I'm not sure what paper you're referring to, but according to the
>> padlock programming guide it's a random number generator, not (directly)
>> an entropy source. That said, it certainly *could* be used as an entropy
>> source for yarrow.
>
> I suspect Jeremy has read the /dev/random code; not some paper.
>
> UTSL.
>
> --
> Steve
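The design point argued in this message (feed the Padlock output into Yarrow as one source among several rather than trusting it alone), as an added example that is not code from the thread or from FreeBSD's random(4): a toy hash-based pool in Python, with a constructed stuck hardware source and a constructed seeded counter standing in for a timing source. The pool, the source names and the helper functions are all assumptions made for the demonstration.

```python
import hashlib
from typing import Callable, Dict, List

class EntropyPool:
    """Toy hash accumulator, not Yarrow: every source's sample is folded into one state."""

    def __init__(self, sources: Dict[str, Callable[[], bytes]]) -> None:
        self.state = hashlib.sha256(b"toy-pool-init").digest()
        self.sources = sources

    def reseed(self) -> None:
        # Length-prefix each sample so samples from different sources cannot be confused.
        for name, fn in self.sources.items():
            sample = fn()
            self.state = hashlib.sha256(self.state + name.encode()
                                        + len(sample).to_bytes(2, "big") + sample).digest()

    def generate(self, nbytes: int) -> bytes:
        out = hashlib.sha256(b"output" + self.state).digest()[:nbytes]
        # Ratchet so the same state is never used for output twice.
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return out

def stuck_hw_rng() -> bytes:
    """Constructed stand-in for a hardware RNG that has silently failed."""
    return b"\x00" * 8

def make_timing_source(seed: int) -> Callable[[], bytes]:
    """Constructed stand-in for interrupt timings: a seeded counter, deterministic per seed."""
    n = [seed]
    def sample() -> bytes:
        n[0] += 1
        return n[0].to_bytes(4, "big")
    return sample

def outputs(sources: Dict[str, Callable[[], bytes]], rounds: int) -> List[bytes]:
    pool = EntropyPool(sources)
    outs = []
    for _ in range(rounds):
        pool.reseed()
        outs.append(pool.generate(8))
    return outs

def hw_only_is_reproducible() -> bool:
    # Trusting the hardware RNG alone: once it goes bad, anyone who can model the pool reproduces it.
    return outputs({"hw_rng": stuck_hw_rng}, 4) == outputs({"hw_rng": stuck_hw_rng}, 4)

def mixed_is_reproducible() -> bool:
    # Hardware RNG as one source among others: the second source still makes two pools diverge.
    a = outputs({"hw_rng": stuck_hw_rng, "timing": make_timing_source(1)}, 4)
    b = outputs({"hw_rng": stuck_hw_rng, "timing": make_timing_source(2)}, 4)
    return a == b
```

The real Yarrow design adds per-source entropy estimates and separate fast/slow pools; this toy keeps only the mixing step that the thread is about.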