Date: Wed, 11 Sep 2013 18:11:25 +0100
From: Mark R V Murray <mark@grondar.org>
To: Harald Schmalzbauer <h.schmalzbauer@omnilan.de>
Cc: FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject: Re: HW fed /dev/random
Message-ID: <38CD9A0D-7FEF-4F81-9138-1F80E205A9BA@grondar.org>
In-Reply-To: <522F6155.40101@omnilan.de>
References: <522F6155.40101@omnilan.de>

On 10 Sep 2013, at 19:13, Harald Schmalzbauer <h.schmalzbauer@omnilan.de> wrote:

> Hello,
>
> some time ago, before random(4) was rewritten for FreeBSD 5 by Mark
> Murray, we had rng, the i815 hardware random number generator.
> At this time, there were rumors about the quality of the randomness.
>
> Now we have rdrand (BullMountain hardware random generator in IvyBridge)
> and Dual_EC_DRBG (NSA's NIST contribution) makes me wonder if quality is
> again something to worry about - although kib's commit message states:
> „From the Intel whitepapers and articles about Bull Mountain, it seems
> that we do not need to perform post-processing of RDRAND results, like
> AES-encryption of the data with random IV and keys, which was done for
> Padlock. Intel claims that sanitization is performed in hardware.“
>
> When we use the software random device, one has great control over
> /dev/random with sysctl kern.random.
> Are there considerations to extend the HW-rng-implementation by optional
> post processing?

Yes. This was discussed in Cambridge recently, and will no doubt be brought up again in Malta. There are indeed plans to post-process the output of rdrand.

M
--
Mark R V Murray
