Date: Wed, 6 Mar 2002 10:30:27 -0500 (EST) From: Adrian Filipi-Martin <adrian@ubergeeks.com> To: Mark Murray <mark@grondar.za> Cc: FreeBSD Hackers List <freebsd-hackers@FreeBSD.ORG>, <kaj@ubergeeks.com> Subject: Re: Intel 820 RNG Message-ID: <20020306102600.L56921-100000@lorax.ubergeeks.com> In-Reply-To: <200203052342.g25NgTRV079032@grimreaper.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 5 Mar 2002, Mark Murray wrote: > > We did make some enhancements that serve our needs, but may not be > > best for everyone. We actually need entropy in quantity since we could be > > doing a lot of crypto operations back to back and it can easily become our > > worst bottleneck. > > Have you looked at the "Yarrow" algorithm? Yes. I actually grilled you a bit about this at BSDCon 2000. :-) AFAIK, it will never be back ported to 4-STABLE. Is there an option that's appeared for FreeBSD besides this in the last 18 months? > In CURRENT, I have implemented Yarrow to achieve just this purpose. > > > The drawback to our approach is that it can spend a lot of time in > > the kernel. To tune this behavior we added a few sysctl's. The start/stop > > script after the diff's tweaks a few of these settings after boot up. > > Again, look at current. The RNG is _really_ fast. I know. I know. I wish we could use it. Unfortunately this is for an appliance type application and I just don't feel comfortably shipping -CURRENT as product. I'm only just now making the effort to get up to speed on -CURRENT so that we can be ready to use it later this year. Adrian -- [ adrian@ubergeeks.com ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020306102600.L56921-100000>