random(4) plugin infrastructure for multiple RNG in a modular fashion

Simon J. Gerraty sjg at juniper.net
Sun Aug 18 21:50:45 UTC 2013


On Sun, 18 Aug 2013 21:02:46 +0100, Mark R V Murray writes:
>On 18 Aug 2013, at 20:27, Tim Kientzle <tim at kientzle.com> wrote:
>> My key claims:
>>  * Entropy mixers such as Yarrow, Fortuna, or
>>     passthrough are different from entropy sources.
>>     Mixers specify how /dev/random is generated from
>>     available entropy.
>
>Yes!

I think this is a key point.

One of the problems we face dealing with NSA (or, perhaps more accurately,
labs representing them) etc., is that they want us to be able to provide
and substantiate claims of entropy *out* of /dev/random.
We can "measure" and analyze the entropy going *into* a mixer
like Yarrow, but it is hard to make assertions about the output beyond
"if I collected N bits of entropy I cannot output more than that".
(It wouldn't be doing a good job of mixing if you could.)

I suspect this is a key driver for the plugin arrangement - being able
to address NSA concerns by using a PRNG of and in a manner of their
choosing.

Describing Yarrow/Fortuna as entropy "mixers" (or conditioning
functions) rather than entropy "sources" might help.
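The source/mixer split and the "no more entropy out than went in" bound, as an added worked example (not code from the thread or from FreeBSD's random(4)). It uses a toy SHA-256 based mixer rather than Yarrow or Fortuna, a constructed biased sampler as the entropy source, and a min-entropy estimate from empirical counts; all of those are assumptions made for the demo. The last function exhaustively pushes every possible input of a given entropy through the mixer and shows that the number of distinct outputs, and hence the output entropy, cannot exceed the input entropy, however good the mixing is.

```python
"""Entropy source vs. entropy mixer, and why output entropy is bounded by input.

Constructed demo: a biased sampler plays the *source*, a hash-based
conditioning function plays the *mixer* that produces /dev/random-style
output.  Not Yarrow, not Fortuna, not FreeBSD code.
"""
import hashlib
import math
from collections import Counter


def min_entropy_per_sample(samples):
    """Min-entropy estimate (bits per sample) from an empirical distribution.

    Min-entropy, not Shannon entropy, is what you may claim against an
    adversary who guesses the most likely value first.
    """
    counts = Counter(samples)
    p_max = max(counts.values()) / len(samples)
    return -math.log2(p_max)


def mix(pool: bytes, request: int) -> bytes:
    """Toy mixer (conditioning function): a 256-bit output derived from the
    whole pool plus a per-request counter.  Assumed design for the demo only."""
    return hashlib.sha256(b"demo-mix" + pool + request.to_bytes(8, "big")).digest()


def claimable_output_bits(samples, output_bits: int = 256) -> float:
    """The entropy a mixer may honestly claim for one request:
    no more than the output size, and no more than was collected into the pool."""
    collected = min_entropy_per_sample(samples) * len(samples)
    return min(output_bits, collected)


def distinct_outputs_bits(input_bits: int) -> float:
    """Feed *every* possible pool state carrying input_bits of entropy through
    the mixer and count distinct outputs.  log2(count) <= input_bits always,
    because a deterministic function cannot create entropy, only preserve it."""
    outputs = {mix(v.to_bytes(2, "big"), 0) for v in range(1 << input_bits)}
    return math.log2(len(outputs))


# Constructed source: a 2-bit sampler that emits 0 twice as often as any other
# value, so its min-entropy is exactly 1 bit per sample.
SAMPLES_SMALL = [0, 0, 1, 2] * 4    # 16 samples  -> 16 bits collected
SAMPLES_LARGE = [0, 0, 1, 2] * 80   # 320 samples -> 320 bits collected


if __name__ == "__main__":
    print("bits/sample:", min_entropy_per_sample(SAMPLES_SMALL))
    print("claimable from small pool:", claimable_output_bits(SAMPLES_SMALL))
    print("claimable from large pool:", claimable_output_bits(SAMPLES_LARGE))
    print("output entropy with 8 input bits:", distinct_outputs_bits(8))
```

Two things to take from the run: with only 16 bits in the pool the mixer's 256-bit output still carries at most 16 bits, however well SHA-256 stirs it; and only once the pool holds 256 or more bits can a full 256-bit claim be substantiated. Measuring the *source* (the min-entropy estimate) is what makes the *output* claim defensible, which is the split the thread is arguing for.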
