From: freebsd-lists@sensation.net.au
To: freebsd-security@FreeBSD.org
Date: Sun, 27 Mar 2022 04:29:40 +1100 (AEDT)
Subject: Adding entropy from external source into random number generator - how?
List-Archive: https://lists.freebsd.org/archives/freebsd-security

Hi all. I was pointed to this mailing list, so I hope my query is reasonably on topic.

I've developed simple firmware on a microcontroller which uses the values of multiple floating analog inputs to generate random numbers.
I'd like to use this as an external source to add entropy into a FreeBSD system. I think the best way to do it would be to call random_harvest_queue(...), but what do I use as the source enum (see /usr/include/sys/random.h)? ENTROPYSOURCE, I guess?

I believe it's also possible to open /dev/random for write to inject entropy, and I'm sure I saw mention of this being available around 12.0R, but I cannot find any mention of that scenario in the man pages.

I guess the other question to ask is whether ~45 kilobytes per second of additional entropy is even useful in a typical situation? There's no strict security requirement or anything like that, it's really just a fun project that I'm hoping to actually use. :) All entropy is good entropy, right?

Thanks in advance.
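
The userland route the message mentions (opening /dev/random for writing), sketched as an added example that is not part of the original post: it copies bytes from the microcontroller to the random device and drops blocks where the source looks stuck, since a floating analog input can settle on one value. Assumptions: /dev/random accepts writes as the post suggests, /dev/cuaU0 is a hypothetical path for the microcontroller's serial port, and the cutoff of 8 repeated bytes is an arbitrary illustrative threshold.

```c
#include <fcntl.h>
#include <stdint.h>
#include <unistd.h>

#define RCT_CUTOFF 8  /* assumed threshold: 8 identical bytes in a row = stuck source */

struct rct { int last; unsigned run; };  /* run-length state, kept across reads */

/* Repetition count test: returns 0 if any run in this block reaches the cutoff. */
int rct_ok(struct rct *s, const uint8_t *buf, size_t len)
{
    int ok = 1;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == s->last) s->run++;
        else { s->last = buf[i]; s->run = 1; }
        if (s->run >= RCT_CUTOFF) ok = 0;
    }
    return ok;
}

/* Consume up to `want` bytes from src_fd and forward the healthy blocks to
 * dst_fd. Returns the number of bytes forwarded, or -1 on an I/O error. */
long feed_entropy(int src_fd, int dst_fd, size_t want)
{
    struct rct st = { -1, 0 };
    uint8_t buf[64];
    long forwarded = 0;
    while (want > 0) {
        ssize_t n = read(src_fd, buf, want < sizeof(buf) ? want : sizeof(buf));
        if (n < 0) return -1;
        if (n == 0) break;                          /* source closed */
        want -= (size_t)n;
        if (!rct_ok(&st, buf, (size_t)n)) continue; /* drop suspect block */
        for (ssize_t off = 0; off < n; ) {          /* handle short writes */
            ssize_t w = write(dst_fd, buf + off, (size_t)(n - off));
            if (w <= 0) return -1;
            off += w;
        }
        forwarded += n;
    }
    return forwarded;
}

int main(void)
{
    int src = open("/dev/cuaU0", O_RDONLY);  /* hypothetical microcontroller port */
    int dst = open("/dev/random", O_WRONLY); /* write path assumed from the post */
    if (src < 0 || dst < 0) return 1;
    return feed_entropy(src, dst, 4096) < 0;
}
```

The check only catches a source that has stopped changing; it says nothing about how much entropy the healthy bytes actually carry.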