Date: Mon, 19 Aug 2013 08:13:53 +0100
From: Mark R V Murray <mark@grondar.org>
To: Warner Losh <imp@bsdimp.com>
Cc: Tim Kientzle <tim@kientzle.com>, FreeBSD-arch Arch <freebsd-arch@freebsd.org>, secteam@freebsd.org, Dag-Erling Smørgrav <des@des.no>
Subject: Re: random(4) plugin infrastructure for mulitple RNG in a modular fashion
Message-ID: <3513A465-AD8D-4DDC-9408-2F89F9B86404@grondar.org>
In-Reply-To: <12B58C72-CFE3-4AD4-AD03-462A10E431D9@bsdimp.com>
References: <20130807183112.GA79319@dragon.NUXI.org> <86pptfnu33.fsf@nine.des.no> <20130815231713.GD76666@x96.org> <20130816002625.GE76666@x96.org> <9B274F48-0C88-4117-BEAC-1A555772A3C5@grondar.org> <86a9kf733d.fsf@nine.des.no> <0C97B866-A169-4141-8368-AA7F5B5382F4@grondar.org> <861u5r71zi.fsf@nine.des.no> <892B11BD-396D-4F82-B97C-753F72CA494D@grondar.org> <86r4dr5j3p.fsf@nine.des.no> <4C1BD77C-8C6B-4044-9285-5978A3BC4B70@kientzle.com> <12B58C72-CFE3-4AD4-AD03-462A10E431D9@bsdimp.com>

On 19 Aug 2013, at 08:09, Warner Losh <imp@bsdimp.com> wrote:

>> Besides Yarrow and Fortuna mixers, we could then
>> offer a "null mixer" option that selected the single
>> "best" entropy source and passed it directly through.
>
> I'm still wondering why timecounters aren't the right model to follow here, where you can have several compiled into the kernel and the one with the best score wins.

How would they get a score, and how would it be decided which is better? How is the score "calibrated"?

>> Users could compile the null mixer into the kernel
>> and load a single HW RNG driver to have precise
>> control over /dev/random. Interrupt harvesting would
>> be the lowest-quality source as a fall back.
>>
>> In particular, this has a reasonable failure mode if
>> someone built a kernel with only a single HW entropy
>> source and the null mixer:
>> * On hardware with that source, they would get
>> full-speed HW entropy.
>> * On hardware without that source, they would get
>> the old blocking /dev/random that we had before
>> Yarrow, the one that used only interrupt harvesting.
>
> Assuming there was enough interrupt entropy to generate bits…

See Ferguson & Schneier on this (qv my follow-up).

M
--
Mark R V Murray
