From owner-freebsd-hackers  Thu Mar  7  6:36: 5 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mail.ubergeeks.com (lorax.ubergeeks.com [209.145.65.55])
	by hub.freebsd.org (Postfix) with ESMTP id D744837B405
	for <freebsd-hackers@FreeBSD.ORG>; Thu,  7 Mar 2002 06:35:58 -0800 (PST)
Received: from localhost (adrian@localhost)
	by mail.ubergeeks.com (8.11.6/8.11.6) with ESMTP id g26FURd56934;
	Wed, 6 Mar 2002 10:30:28 -0500 (EST)
	(envelope-from adrian@ubergeeks.com)
Date: Wed, 6 Mar 2002 10:30:27 -0500 (EST)
From: Adrian Filipi-Martin <adrian@ubergeeks.com>
Reply-To: Adrian Filipi-Martin <adrian@ubergeeks.com>
To: Mark Murray <mark@grondar.za>
Cc: FreeBSD Hackers List <freebsd-hackers@FreeBSD.ORG>,
	<kaj@ubergeeks.com>
Subject: Re: Intel 820 RNG 
In-Reply-To: <200203052342.g25NgTRV079032@grimreaper.grondar.org>
Message-ID: <20020306102600.L56921-100000@lorax.ubergeeks.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Tue, 5 Mar 2002, Mark Murray wrote:

> > 	We did make some enhancements that serve our needs, but may not be
> > best for everyone.  We actually need entropy in quantity since we could be
> > doing a lot of crypto operations back to back and it can easily become our
> > worst bottleneck.
>
> Have you looked at the "Yarrow" algorithm?

	Yes.  I actually grilled you a bit about this at BSDCon 2000. :-)
AFAIK, it will never be back ported to 4-STABLE.  Is there an option that's
appeared for FreeBSD besides this in the last 18 months?

> In CURRENT, I have implemented Yarrow to achieve just this purpose.
>
> > 	The drawback to our approach is that it can spend a lot of time in
> > the kernel.  To tune this behavior we added a few sysctl's.  The start/stop
> > script after the diff's tweaks a few of these settings after boot up.
>
> Again, look at current. The RNG is _really_ fast.

	I know.  I know.  I wish we could use it.  Unfortunately this is
for an appliance type application and I just don't feel comfortably
shipping -CURRENT as product.  I'm only just now making the effort to get
up to speed on -CURRENT so that we can be ready to use it later this year.

	Adrian
--
[ adrian@ubergeeks.com ]


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message