Date: Tue, 21 Aug 2012 22:22:21 -0700
From: Gleb Kurtsou
To: Ben Laurie
Cc: Doug Barton, Steve Kargl, freebsd-arch@freebsd.org
Subject: Re: /dev/random
Message-ID: <20120822052221.GA1692@reks>
References: <20120820220243.GA96700@troutmask.apl.washington.edu> <20120820225504.GA78528@server.rulingia.com> <5033346C.3080907@FreeBSD.org> <20120821073931.GA99502@troutmask.apl.washington.edu>
User-Agent: Mutt/1.5.21 (2010-09-15)
List-Id: Discussion related to FreeBSD architecture

On (21/08/2012 09:25), Ben Laurie wrote:
> On Tue, Aug 21, 2012 at 8:39 AM, Steve Kargl
> wrote:
> > On Tue, Aug 21, 2012 at 12:10:36AM -0700, Doug Barton wrote:
> >> On 08/20/2012 15:55, Peter Jeremy wrote:
> >> > On 2012-Aug-20 23:05:39 +0100, Ben Laurie wrote:
> >> >>> Well, it's hard to comment when you failed to explain
> >> >>> *why* you think it is a mistake.
> >> >>
> >> >> Sorry - because I do not think it is wise to trust the h/w prng so
> >> >> much we discard other entropy.
> >> >
> >> > This depends on the relative predictability of Yarrow vs the hardware
> >> > RNG.
> >>
> >> Throughout this thread people have been mixing up entropy sources, and
> >> hardware and software PRNGs. A PRNG has (at least) 2 components, the
> >> entropy source(s), and the software that turns the entropy into a stream
> >> of pseudo-random output.
> >>
> >> You can't directly compare "yarrow" vs. Padlock without comparing both
> >> elements.
> >
> > Well, only one person seems confused, but OP seems to
> > remain adamant in being terse in his questions. Yes,
> > it seems OP has conflated PRNG and entropy, but again
> > he seems to not want to explain his point of view.
>
> Entropy is a poorly defined word, and PRNGs have some (we hope).

In my experience, using a *single* explicit entropy source was often a
requirement. In some cases it was even forbidden to use an internal PRNG of
any sort; you had to wait for external randomness to become available.
Anyway, mixing several entropy sources was never acceptable. You either have
a good entropy/randomness source or not. The whole thing was due to
conformance to standards, acquiring licenses, etc. Clearly it's not what
FreeBSD aims at.

And let me stress it - randomness always was a crucial point. People would
care more about randomness than algorithm implementation issues.

Just my 2 cents.

p.s. It doesn't answer your original question, but hopefully can be useful.

>
> So, as someone else already explained, there's a hardware entropy
> source in the VIA Nehemiah. I don't think it really matters whether
> this is "raw" entropy or a PRNG, what matters is that it seems like a
> bad idea to trust it so much that we don't use other entropy sources
> in conjunction with it.
>
> As for how it should be fixed, my view is that it should be used as an
> entropy source for yarrow, but I'm not against Doug's 3 options.
>
> >> > FreeBSD random(4) currently only supports one hardware RNG - the
> >> > one in the VIA Nehemiah. VIA have published an independent evaluation
> >> > of their RNG which suggests it is a good source of entropy.
> >>
> >> I'm not sure what paper you're referring to, but according to the
> >> padlock programming guide it's a random number generator, not (directly)
> >> an entropy source. That said, it certainly *could* be used as an entropy
> >> source for yarrow.
> >
> > I suspect Jeremy has read the /dev/random code; not some paper.
> >
> > UTSL.
> >
> > --
> > Steve
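As an added illustration that is not code from this thread, from FreeBSD's random(4) or from Yarrow, the toy pool below contrasts the two designs argued over above: trusting the hardware RNG alone versus feeding it into a software pool as one source among several. The pool construction, the source names and the sample inputs (a stuck all-zero hardware RNG, slightly different interrupt timings on two boots) are constructed for the example.

```python
import hashlib


class EntropyPool:
    """Toy hash-based pool (not Yarrow): every contribution updates the state."""

    def __init__(self) -> None:
        self._state = hashlib.sha256(b"toy-pool-init").digest()

    def add(self, source: str, data: bytes) -> None:
        # Tag each contribution with its source name and length so that
        # identical bytes from different sources are distinct inputs.
        h = hashlib.sha256(self._state)
        h.update(source.encode() + len(data).to_bytes(4, "big") + data)
        self._state = h.digest()

    def generate(self, n: int) -> bytes:
        """Derive n output bytes, then ratchet so the old state is gone."""
        out = b"".join(
            hashlib.sha256(self._state + i.to_bytes(4, "big")).digest()
            for i in range(-(-n // 32))  # ceil(n / 32) SHA-256 blocks
        )
        self._state = hashlib.sha256(b"ratchet" + self._state).digest()
        return out[:n]


def hw_only_output(hw_bytes: bytes, n: int = 16) -> bytes:
    """Contested design: trust the hardware RNG and discard other entropy."""
    pool = EntropyPool()
    pool.add("hwrng", hw_bytes)
    return pool.generate(n)


def mixed_output(hw_bytes: bytes, other: dict, n: int = 16) -> bytes:
    """Proposed design: the hardware RNG is one source feeding the pool."""
    pool = EntropyPool()
    pool.add("hwrng", hw_bytes)
    for name, data in other.items():  # e.g. interrupt timings, disk I/O
        pool.add(name, data)
    return pool.generate(n)


# Constructed scenario: the hardware RNG is stuck at all-zeros on two boots,
# while the other sources differ slightly between the boots.
STUCK_HW = bytes(32)
BOOT_A = {"interrupts": b"\x10\x2f\x3a\x91", "disk": b"\x07\x00\x13"}
BOOT_B = {"interrupts": b"\x10\x2f\x3b\x90", "disk": b"\x07\x00\x13"}
```

With the stuck hardware source, the hardware-only design produces identical output on both boots, while the mixed pool still differs because the other sources did.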