cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar

Nate Lawson nate at root.org
Mon Apr 12 17:54:53 PDT 2004


On Mon, 12 Apr 2004, Richard Coleman wrote:
> Nate Lawson wrote:
>
> >>Yarrow's entropy accumulation and PRNG generator parts are disconnected
> >>(that is part of its point), so there is no connection between the
> >>number of bytes harvested and the number of bytes supplied. This
> >>makes a very long armoured pipeline between accumulation and issue,
> >>which seems like overkill when the supplied entropy is 99% OK (far
> >>better than Yarrow currently ever gets, BTW).
> >>
> >>[...]
> >>
> >>Yarrow is unsuitable for this purpose; it is a great generator when
> >>you have a low-entropy environment and you need to protect against
> >>attackers having potential knowledge of the inputs.
> >
> > * XSTORE is an unprivileged operation, users can call it all they want.
> >
> > * If your hardware fails undetectably somehow (101010101...), a
> > single-source PRNG also fails.  If we seed our existing PRNG which
> > accepts multiple sources, it doesn't.
> >
> > I think Jacques said it best.  All I'm asking is that we use a
> > well-reviewed PRNG and as many entropy sources as possible, including this
> > nice VIA part.
> >
> > -Nate
>
> I agree with this sentiment.  The more crypto hardware that becomes
> available, the more of it that will be crap.

Please don't mischaracterize me; that is not what I said.  My whole point
with that long strength vs. assurance discussion was to point out the need
for systems to fail closed.  I've said nothing about the likelihood of
this particular hardware failing in any way.  My concern is that the risk
is higher that we fail open if we neglect to use multiple sources of
entropy and a PRNG with those sources.

I feel I've given enough information, including links to our whitepaper,
for people to consider how to move forward on this.  All opinions I've
expressed in this thread are not my employer's.  I think VIA has provided
a very useful hardware entropy source; let's properly use it.

-Nate
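The failure mode argued over above (a hardware source stuck on 101010... while a generator that trusts it alone keeps issuing output) can be made concrete. The Python below is an added illustration for this thread; it is not FreeBSD's random(4), Yarrow, or any code from the participants. The health tests, thresholds, source names and sample byte strings are all constructed assumptions. It shows the two properties Nate asks for: each source is checked before it is credited, and seed material is refused (fail closed) until several independent healthy sources have been mixed in.

```python
import hashlib

# Added illustration, not FreeBSD's random(4)/Yarrow code: a small entropy pool
# that (1) health-tests each source before crediting it and (2) refuses to
# hand out seed material until several independent sources have contributed,
# so one stuck hardware RNG makes the system fail closed rather than open.

REP_THRESHOLD = 8   # same byte this many times in a row => source is stuck
MAX_PERIOD = 4      # also reject very short repeating patterns (0xAA 0x55 ...)
MIN_SOURCES = 2     # refuse to seed until this many healthy sources contributed


def repetition_count_stuck(samples: bytes, threshold: int = REP_THRESHOLD) -> bool:
    """True if some byte value repeats `threshold` times consecutively."""
    run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        if run >= threshold:
            return True
    return False


def short_period_stuck(samples: bytes, max_period: int = MAX_PERIOD) -> bool:
    """True if the whole sample is one pattern of length <= max_period repeated."""
    n = len(samples)
    for p in range(1, max_period + 1):
        if n >= 4 * p and all(samples[i] == samples[i + p] for i in range(n - p)):
            return True
    return False


def source_healthy(samples: bytes) -> bool:
    """Combined health test applied to every batch before it is credited."""
    return not (repetition_count_stuck(samples) or short_period_stuck(samples))


class EntropyPool:
    """Mixes every credited source into one SHA-256 state (constructed design)."""

    def __init__(self) -> None:
        self._state = hashlib.sha256(b"constructed-pool-label")
        self.credited = {}   # source name -> bytes accepted
        self.rejected = {}   # source name -> bytes refused by the health test

    def harvest(self, source: str, samples: bytes) -> bool:
        """Credit a batch from `source` if it passes the health test; return whether it did."""
        if not source_healthy(samples):
            self.rejected[source] = self.rejected.get(source, 0) + len(samples)
            return False
        # Domain-separate each source (name, length, data) so a malicious or
        # broken source cannot trivially cancel out another one's contribution.
        self._state.update(source.encode() + b"\x00" + len(samples).to_bytes(4, "big") + samples)
        self.credited[source] = self.credited.get(source, 0) + len(samples)
        return True

    def seed(self) -> bytes:
        """Return 32 bytes of seed material, or raise while too few healthy sources exist."""
        if len(self.credited) < MIN_SOURCES:
            raise RuntimeError(f"only {len(self.credited)} healthy source(s); refusing to seed")
        return self._state.copy().digest()


# Constructed sample inputs, deterministic so the run is reproducible:
STUCK_HW = b"\xaa" * 64              # a hardware RNG emitting 10101010... forever
ALTERNATING_HW = b"\xaa\x55" * 32    # 10101010 01010101 ... (short period)
SOFT_SOURCE_A = hashlib.sha256(b"constructed interrupt timings").digest()
SOFT_SOURCE_B = hashlib.sha256(b"constructed disk latencies").digest()


def demo() -> dict:
    """Run the pool over the constructed inputs and report what happened."""
    pool = EntropyPool()
    hw_ok = pool.harvest("hw-rng", STUCK_HW)           # rejected by the health test
    a_ok = pool.harvest("interrupts", SOFT_SOURCE_A)   # credited
    try:
        pool.seed()                                    # only one healthy source so far
        seeded_early = True
    except RuntimeError:
        seeded_early = False
    b_ok = pool.harvest("disk", SOFT_SOURCE_B)         # credited; now MIN_SOURCES reached
    return {
        "hw_credited": hw_ok,
        "a_credited": a_ok,
        "b_credited": b_ok,
        "seeded_with_one_source": seeded_early,
        "seed": pool.seed(),
        "rejected_bytes": pool.rejected.get("hw-rng", 0),
    }


if __name__ == "__main__":
    print(demo())
```

The health tests here are deliberately simple (a repetition count and a short-period check); they catch the stuck and alternating patterns from the thread but are not a substitute for a real entropy estimator. The point they illustrate is structural: a source that fails the check contributes nothing and does not block the others, and the pool refuses to produce a seed until independent sources have been mixed in, which is the fail-closed behaviour being argued for.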


More information about the cvs-all mailing list