cvs commit: src/sys/modules/random Makefile src/sys/dev/random
harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c
randomdev.h randomdev_soft.c randomdev_soft.h yar
Mark Murray
mark at grondar.org
Sat Apr 10 15:10:32 PDT 2004
Sam Leffler writes:
> On Apr 10, 2004, at 1:54 AM, Mark Murray wrote:
> > If it is felt that further whitening of the VIA C3 RNG is needed,
> > then I believe that Yarrow would be overkill, and that a much
> > smaller hash function will be sufficient.
>
> Unless I misread the paper it seemed very clear in stating that you
> need to post-process the h/w RNG. I run all my h/w entropy sources
> through the rndtest module (FIPS-140 testing) and frequently see that
> h/w entropy sources are not to be trusted (note that rndtest samples
> the entropy and that the FIPS test suite is far less stringent than
> the testing done in the papers).

I'll look at putting a low-overhead entropy-pool-stirrer after the C3
RNG.

> I have not had time to review Mark's changes but I agree with Nate
> that h/w entropy sources should not be trusted and some form of
> post-processing must be done. Whether this is Yarrow or something
> else is unclear but the papers cited did a thorough analysis while all
> I've seen from Mark are statements that he believes these sources are
> good. When it comes to stuff like this I believe strongly in taking a
> conservative approach.

Actually, the paper that Nate pointed at said that each bit of entropy
that the C3 RNG supplied delivered between 2/3 and nearly 1 bit of
"good" randomness. If the on-chip whitener was on, then "0.99 bits per
bit supplied" (my paraphrase) was given.

Still, opinion seems to be in favour of further postprocessing, so I'll
do it.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
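
An added example, not part of the original message and not rndtest's code: the monobit and poker checks as specified in FIPS 140-2 (an assumed revision; the thread only says "FIPS-140"), run over constructed 20,000-bit blocks. The fill functions and the seed are made up for illustration. The deterministic xorshift32 block passes both checks, which shows why a passing sample test is not evidence of how much entropy a source delivers.

```c
#include <stdint.h>
#include <stdio.h>

#define FIPS_BYTES 2500 /* one 20,000-bit sample block */

/* Monobit test (FIPS 140-2 bounds, assumed): ones X must satisfy 9725 < X < 10275. */
int fips_monobit_ok(const uint8_t *buf) {
    int ones = 0;
    for (size_t i = 0; i < FIPS_BYTES; i++)
        for (uint8_t b = buf[i]; b; b &= (uint8_t)(b - 1))
            ones++;
    return ones > 9725 && ones < 10275;
}

/* Poker test: X = (16/5000) * sum(f[i]^2) - 5000 over the 5000 nibbles,
 * passing when 2.16 < X < 46.17 (FIPS 140-2 bounds, assumed). */
int fips_poker_ok(const uint8_t *buf) {
    long f[16] = {0}, sum = 0;
    for (size_t i = 0; i < FIPS_BYTES; i++) {
        f[buf[i] >> 4]++;
        f[buf[i] & 0x0f]++;
    }
    for (int i = 0; i < 16; i++)
        sum += f[i] * f[i];
    double x = 16.0 * (double)sum / 5000.0 - 5000.0;
    return x > 2.16 && x < 46.17;
}

/* Constructed input: every byte the same value (a stuck or patterned source). */
void fill_const(uint8_t *buf, uint8_t v) {
    for (size_t i = 0; i < FIPS_BYTES; i++)
        buf[i] = v;
}

/* Constructed input: xorshift32 output. Fully deterministic, so it carries
 * no entropy beyond its seed, yet it looks statistically balanced. */
void fill_xorshift(uint8_t *buf, uint32_t s) {
    for (size_t i = 0; i < FIPS_BYTES; i++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        buf[i] = (uint8_t)(s >> 24);
    }
}

int main(void) {
    uint8_t buf[FIPS_BYTES];
    fill_xorshift(buf, 2463534242u); /* constructed seed */
    printf("xorshift32: monobit=%d poker=%d\n", fips_monobit_ok(buf), fips_poker_ok(buf));
    return 0;
}
```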