random(4) plugin infrastructure for mulitple RNG in a modular fashion

[Mark R V Murray]

On 19 Aug 2013, at 08:24, Warner Losh <imp at bsdimp.com> wrote:
>> How would they get a score, and how would it be decided which is better? How is the score "calibrated"?
> 
> For timecounters, we make judgements based on how good or bad we think the timekeeping ability of the underlying device. I'd imagine that we'd rate the hardware RNGs high, and the fallback means of harvesting entropy from interrupts medium, and anything that's really really bad as low. This would allow for the hardware RNGs to override the other sources of entropy, while still allowing fallback to reasonable entropy on devices that are known suspect (While still allowing the pig-headed and/or externally constrained folks to use the bad sources).

Aaah - so its a coarse good/average/bad thing, rather than a fine-grained number giving precise/critical ordering?

> For the mixers, the scoring mechanism makes less sense. You'd want more of an ordered list specified by the user to dictate policy to choose between nothing, fortuna and yarrow.

The mixers won't care, correct. As for the rest, its a bit of a tree of choices: HW branch - choice of "good" sources only (?). SW branch - choice of Yarrow/Fortuna and which sources (currently four, but will be increased) to harvest from.

> You'd also want a parameter to deal with failure here: panic or block.

Right, and a default for GENERIC.

M
-- 
Mark R V Murray

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 353 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20130819/9f8f51f1/attachment.sig>