From owner-freebsd-arch@FreeBSD.ORG  Fri Aug  9 07:46:25 2013
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id DC6D0204
 for <freebsd-arch@freebsd.org>; Fri,  9 Aug 2013 07:46:24 +0000 (UTC)
 (envelope-from fabient@freebsd.org)
Received: from work.netasq.com (gwlille.netasq.com [91.212.116.1])
 by mx1.freebsd.org (Postfix) with ESMTP id 7612F2445
 for <freebsd-arch@freebsd.org>; Fri,  9 Aug 2013 07:46:23 +0000 (UTC)
Received: from work.netasq.com (localhost [127.0.0.1])
 by work.netasq.com (Postfix) with ESMTP id 234AF2706321;
 Fri,  9 Aug 2013 09:46:17 +0200 (CEST)
Received: from [10.2.1.1] (unknown [91.212.116.2])
 by work.netasq.com (Postfix) with ESMTPSA id EB5AA2706092;
 Fri,  9 Aug 2013 09:46:16 +0200 (CEST)
Subject: Re: random(4) plugin infrastructure for mulitple RNG in a modular
 fashion
Mime-Version: 1.0 (Apple Message framework v1283)
From: Fabien Thomas <fabient@freebsd.org>
In-Reply-To: <50BE6942-CC39-413C-8E14-C6B93440901B@grondar.org>
Date: Fri, 9 Aug 2013 09:46:16 +0200
Message-Id: <CD5D58DE-C411-40D5-9A7E-79549D21D723@freebsd.org>
References: <20130807182858.GA79286@dragon.NUXI.org>
 <20130807192736.GA7099@troutmask.apl.washington.edu>
 <CAGE5yCq+s6kYtVYyxi27RAqPmvpV42nNNykm2+2x1EJGCihYXw@mail.gmail.com>
 <5203968D.7060508@freebsd.org>
 <7018AAA9-0A88-430F-96B7-867E5F529B36@bsdimp.com>
 <50BE6942-CC39-413C-8E14-C6B93440901B@grondar.org>
To: Mark R V Murray <mark@grondar.org>
X-Mailer: Apple Mail (2.1283)
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.14
Cc: freebsd-arch@freebsd.org
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Aug 2013 07:46:25 -0000

>>=20
>> On Aug 8, 2013, at 7:01 AM, Andrey Chernov wrote:
>>=20
>>> Many years ago I already suggest to de-modularize random (making it =
not
>>> optional), with fallback to yarrow if hardware RNGs can't be probed =
or
>>> not configured.
>>=20
>> I think that the 'fallback to yarrow' is necessary here.
>=20
> My current inclination is to make Yarrow the basic device (or "Fortuna =
Lite", but that is a problem for MUCH later), and make the hardware =
devices feed Yarrow, if they are present.


I also think this is the best option to have as a default:

- Keep a good software random
- Add more source of entropy at early boot
- Dont trust HW random (keep it as one probed source of seed)

User can choose to switch to pure HW random to replace SW.

A good source of information here:
=
http://th.informatik.uni-mannheim.de/people/lucks/papers/Ferguson/Fortuna.=
pdf

Fabien=