From: Mark R V Murray <mark@grondar.org>
Subject: Re: HW fed /dev/random
Date: Wed, 11 Sep 2013 18:11:25 +0100
To: Harald Schmalzbauer
Cc: FreeBSD CURRENT <freebsd-current@freebsd.org>
In-Reply-To: <522F6155.40101@omnilan.de>
Message-Id: <38CD9A0D-7FEF-4F81-9138-1F80E205A9BA@grondar.org>

On 10 Sep 2013, at 19:13, Harald Schmalzbauer wrote:

> Hello,
>
> some time ago, before random(4) was rewritten for FreeBSD 5 by Mark
> Murray, we had rng, the i815 hardware random number generator.
> At this time, there were rumors about the quality of the randomness.
>
> Now we have rdrand (BullMountain hardware random generator in IvyBridge)
> and Dual_EC_DRBG (NSA's NIST contribution) makes me wonder if quality is
> again something to worry about - although kib's commit message states:
> „From the Intel whitepapers and articles about Bull Mountain, it seems
> that we do not need to perform post-processing of RDRAND results, like
> AES-encryption of the data with random IV and keys, which was done for
> Padlock. Intel claims that sanitization is performed in hardware.“
>
> When we use the software random device, one has great control over
> /dev/random with sysctl kern.random.
> Are there considerations to extend the HW-rng-implementation by optional
> post processing?

Yes. This was discussed in Cambridge recently, and will no doubt be
brought up again in Malta.

There are indeed plans to post-process the output of rdrand.

M
-- 
Mark R V Murray
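The post-processing the thread talks about is, in essence, never handing raw hardware output to consumers but mixing it with entropy the hardware does not control. The following is an added illustration written for this page; it is not FreeBSD's random(4) code and not the Padlock AES whitening that kib's commit message refers to. It swaps the AES-with-random-IV-and-keys construction for HMAC-SHA256 keyed with a software entropy pool, and the names `untrusted_hw_rng`, `post_process`, `MixedRng` and `distinct_byte_values` are hypothetical. The hardware source is a constructed stand-in that deliberately returns a constant, the worst case a backdoored or stuck RDRAND could present.

```python
import hashlib
import hmac
import os
from typing import Optional


def untrusted_hw_rng(n: int) -> bytes:
    """Constructed stand-in for a hardware RNG we cannot audit.

    Deliberately worst-case: it returns a constant, as a source that was
    backdoored or silently failed might. A real implementation would
    execute RDRAND; that is not what this demonstration is about.
    """
    return b"\x42" * n


def post_process(hw_bytes: bytes, sw_key: bytes, counter: int) -> bytes:
    """Whiten hw_bytes by keyed-hashing them with independent entropy.

    HMAC-SHA256 keyed with the software pool (hypothetical substitute for
    the AES post-processing mentioned in the thread). The output is
    unpredictable to anyone who does not control *both* inputs: an
    adversary who knows hw_bytes still lacks sw_key, and vice versa.
    The counter separates successive calls that see identical inputs.
    """
    msg = counter.to_bytes(8, "big") + hw_bytes
    return hmac.new(sw_key, msg, hashlib.sha256).digest()


class MixedRng:
    """Generator that never hands out raw hardware output.

    sw_key models the kernel's software-gathered entropy (interrupt
    timings and the like); it is injectable so tests are deterministic.
    """

    BLOCK = 32  # bytes of hardware output consumed per whitened block

    def __init__(self, sw_key: Optional[bytes] = None, hw_source=untrusted_hw_rng):
        self.sw_key = sw_key if sw_key is not None else os.urandom(32)
        self.hw_source = hw_source
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += post_process(self.hw_source(self.BLOCK), self.sw_key, self.counter)
            self.counter += 1
        return bytes(out[:n])


def distinct_byte_values(data: bytes) -> int:
    """Crude health indicator: how many of the 256 byte values appear.

    Useful for spotting a stuck source (the raw stand-in scores 1), but a
    high score says nothing about unpredictability: whitened output of a
    constant input looks perfectly uniform, which is exactly why
    statistical tests cannot settle the trust question raised above.
    """
    return len(set(data))


if __name__ == "__main__":
    raw = untrusted_hw_rng(4096)
    mixed = MixedRng(sw_key=b"\x00" * 32).read(4096)
    print("raw hardware output: distinct byte values =", distinct_byte_values(raw))
    print("post-processed output: distinct byte values =", distinct_byte_values(mixed))
```

The point of the design is the failure mode, not the happy path: with the constant stand-in source, `MixedRng` still produces output that depends on the software pool, so a compromised hardware generator degrades the system to "as good as the other entropy" rather than "fully attacker-known". The converse holds too, which is why mixing is preferable to either trusting RDRAND outright or discarding it.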