HW fed /dev/random

Mark R V Murray mark at grondar.org
Wed Sep 11 17:15:04 UTC 2013


On 10 Sep 2013, at 19:13, Harald Schmalzbauer <h.schmalzbauer at omnilan.de> wrote:

> Hello,
> 
> some time ago, before random(4) was rewritten for FreeBSD 5 by Mark
> Murray, we had rng, the i815 hardware random number generator.
> At this time, there were rumors about the quality of the randomness.
> 
> Now we have rdrand (BullMountain hardware random generator in IvyBridge)
> and Dual_EC_DRBG (NSA's NIST contribution) makes me wonder if quality is
> again something to worry about - although kib's commit message states:
> „From the Intel whitepapers and articles about Bull Mountain, it seems
> that we do not need to perform post-processing of RDRAND results, like
> AES-encryption of the data with random IV and keys, which was done for
> Padlock. Intel claims that sanitization is performed in hardware.“
> 
> When we use the software random device, one has great control over
> /dev/random with sysctl kern.random.
> Are there considerations to extend the HW-rng-implementation by optional
> post processing?

Yes. This was discussed in Cambridge recently, and will no doubt be brought
up again in Malta. There are indeed plans to post-process the output of
rdrand.

M
-- 
Mark R V Murray
