Date: Tue, 21 Aug 2012 20:22:02 +1000
From: Peter Jeremy <peter@rulingia.com>
To: freebsd-arch@freebsd.org
Subject: Re: /dev/random
Message-ID: <20120821102202.GA85982@server.rulingia.com>
In-Reply-To: <20120821084315.GL33100@deviant.kiev.zoral.com.ua>
References: <CAG5KPzxd16k12adjsbtF5S7XTYk61rkv903nUc0ub=c0bHBKCg@mail.gmail.com> <76710.1345538028@critter.freebsd.dk> <20120821084315.GL33100@deviant.kiev.zoral.com.ua>
On 2012-Aug-21 00:10:36 -0700, Doug Barton <dougb@FreeBSD.org> wrote:
>On 08/20/2012 15:55, Peter Jeremy wrote:
>> one in the VIA Nehemiah. VIA have published an independent evaluation
>> of their RNG which suggests it is a good source of entropy.
>
>I'm not sure what paper you're referring to, but according to the
>padlock programming guide it's a random number generator, not (directly)
>an entropy source. That said, it certainly *could* be used as an entropy
>source for yarrow.

I was referring to:
http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/evaluation_padlock_rng.pdf

>The way I see it, if padlock is available, there should be 3 options:
>
>1. Use it as the exclusive feed for /dev/random

This is currently the only option.

On 2012-Aug-21 12:17:52 +0400, Lev Serebryakov <lev@serebryakov.spb.ru> wrote:
>PJ> RNG. FreeBSD random(4) currently only supports one hardware RNG - the
>PJ> one in the VIA Nehemiah. VIA have published an independent evaluation
> But `man glxsb' says, for example, that its hardware RNG is used to
>harvest entropy...

On 2012-Aug-21 08:33:48 +0000, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>I believe this is wrong: hifn7751.c also feeds Yarrow/random(4).

The random(4) man page (and my repetition of it) is somewhat misleading
here. The current random(4) code uses the VIA Nehemiah Padlock (with a
Davies-Meyer hash) if it's available, otherwise it uses Yarrow.

If Yarrow is selected, it uses a variety of entropy sources (as available):

"Pure entropy" is regularly harvested from:
  glxsb(4), hifn(4), safe(4), ubsec(4), MIPS Octeon rnd(4)
  syscons(4) mouse and keyboard events

Various events controlled via kern.random.sys.harvest sysctls:
  kern.random.sys.harvest.ethernet (default enabled)
    incoming ethernet packets
  kern.random.sys.harvest.point_to_point (default enabled)
    packets written to tun(4), netgraph receive hook
  kern.random.sys.harvest.interrupt (default enabled):
    adv(4), adw(4), aha(4), ahb(4), ahci(4), aic(4), amr(4), asr(4),
    ata(4), bm(4), bt(4), cuda(4), dpt(4), fdc(4), glc(4), ida(4),
    isp(4), mlx(4), mly(4), mpt(4), mvs(4), ncr(4), ncv(4), nsp(4),
    pmu(4), ps3cdrom(4), ps3disk(4), pst(4), siis(4), stg(4), sym(4),
    twe(4), vtblk(4), wds(4)
  kern.random.sys.harvest.swi (default disabled)
    Not currently used (or supported)

Note that there's also a rndtest(4) device that can monitor the output
from hifn(4), safe(4) and ubsec(4).

>That said, purely on principle I'm with Ben here: All sources of
>entropy should be fed to Yarrow by default.

The only reason I can think of for bypassing Yarrow would be to increase
the rate at which you can read bits from /dev/random.

On 2012-Aug-21 11:43:15 +0300, Konstantin Belousov <kostikbel@gmail.com> wrote:
>The question should become much more practical in the short term,
>since IvyBridge has supposedly high-quality RNG in CPU (uncore).

Someone(TM) just needs to copy implement the relevant code.

-- 
Peter Jeremy
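An added example (not part of Peter's mail or of FreeBSD's own code) that audits the kern.random.sys.harvest sysctls listed above against the defaults the mail gives, so an operator can spot a harvest source that has been switched off; the sysctl output it parses is a constructed sample, since the script is meant to run off a FreeBSD box too.

```shell
# Constructed sample of `sysctl kern.random.sys.harvest` output, with
# point_to_point deliberately turned off so the audit has something to report.
SAMPLE_SYSCTL='kern.random.sys.harvest.ethernet: 1
kern.random.sys.harvest.point_to_point: 0
kern.random.sys.harvest.interrupt: 1
kern.random.sys.harvest.swi: 0'

# Defaults as stated in the mail: ethernet, point_to_point and interrupt
# enabled; swi disabled.
EXPECTED='ethernet=1 point_to_point=1 interrupt=1 swi=0'

# harvest_audit <sysctl output text>
# Prints "source: got=<v> expected=<v>" for every harvest source whose value
# differs from the default, and "source: missing from sysctl output" for any
# expected source not present. Prints nothing when everything matches.
harvest_audit() {
    printf '%s\n' "$1" | awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                want[kv[1]] = kv[2]
            }
        }
        /^kern\.random\.sys\.harvest\./ {
            name = $1
            sub(/^kern\.random\.sys\.harvest\./, "", name)
            sub(/:$/, "", name)
            seen[name] = 1
            if (name in want && $2 != want[name])
                printf "%s: got=%s expected=%s\n", name, $2, want[name]
        }
        END {
            for (name in want)
                if (!(name in seen))
                    printf "%s: missing from sysctl output\n", name
        }'
}

# On a real system, replace the sample with: harvest_audit "$(sysctl kern.random.sys.harvest)"
harvest_audit "$SAMPLE_SYSCTL"
```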