random(4) plugin infrastructure for multiple RNG in a modular fashion

Warner Losh imp at bsdimp.com
Fri Sep 6 15:47:02 UTC 2013


On Aug 24, 2013, at 2:35 AM, Mark R V Murray wrote:

> 
> On 24 Aug 2013, at 00:18, John-Mark Gurney <jmg at funkthat.com> wrote:
> 
>> Tim Kientzle wrote this message on Sun, Aug 18, 2013 at 12:27 -0700:
>>> But clearly some people really want to be able to
>>> force /dev/random to be the unconditioned output
>>> of a particular HW RNG.  I don't know if this is a
>>> good idea or not, but clearly there are people who
>>> want this.
>> 
>> Considering that the Ivy Bridge's rdrand implementation already uses
>> AES to condition the raw entropy source, using Yarrow/etc to
>> additionally condition it seems excessive, hence why some people want
>> to use it directly…
> 
> Nehemiah as well, using a Davies-Meyer hash in software. However, what
> may be excessive for one person may be another's requirement.

Especially in light of the recent NSA revelations...  I for one won't trust hardware random number generation...

I find it interesting that earlier in the thread there was a desire by a certain router company to fulfill the NSA's requirement that it use the random number stream from the intel chips directly, and that's what kicked off this overly long thread.

Warner
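The design question argued over above, in miniature. This is an added example, not code from the thread, from Intel's or VIA's DRNG, or from FreeBSD's random(4): one function hands the hardware RNG's output straight through (what "use it directly" means for /dev/random), the other mixes the hardware sample together with an independent source into a pool using a Davies-Meyer-style chaining step, and only ever emits hash output. SHA-256 stands in for the block cipher of a real Davies-Meyer construction, the source identifiers, the pool layout and the sample inputs are all assumptions made for the illustration, and the point it demonstrates is the one Warner makes: when the hardware source is the only input, whoever controls it controls the stream, whereas once a second source is mixed in, the hardware source alone no longer determines the output.

```python
"""Added example (not from the freebsd-arch thread or FreeBSD's random(4)).

Contrast feeding /dev/random unconditioned from a hardware RNG with
conditioning the hardware output through a software pool that also
absorbs an independent source.  SHA-256 stands in for the block cipher
of a Davies-Meyer compression function; this is an illustration, not a
vetted DRBG.
"""
import hashlib

POOL_BYTES = 32  # assumed pool size: one SHA-256 state's worth


def raw_passthrough(hw_sample: bytes) -> bytes:
    """/dev/random fed directly from the HW RNG: the output *is* the HW output."""
    return hw_sample


def davies_meyer_step(state: bytes, block: bytes) -> bytes:
    """One Davies-Meyer style chaining step: H_i = E_{m_i}(H_{i-1}) XOR H_{i-1}.

    E_k(x) is modelled as SHA-256(k || x); in a real implementation it would
    be a block cipher keyed by the message block (assumption for illustration).
    """
    encrypted = hashlib.sha256(block + state).digest()
    return bytes(a ^ b for a, b in zip(encrypted, state))


class Pool:
    """Software entropy pool that absorbs samples from several sources."""

    def __init__(self) -> None:
        self.state = bytes(POOL_BYTES)

    def add(self, source_id: int, sample: bytes) -> None:
        # Frame each sample with its source id and length so that samples
        # from different sources can never be confused for one another.
        block = bytes([source_id]) + len(sample).to_bytes(4, "big") + sample
        self.state = davies_meyer_step(self.state, block)

    def output(self, nbytes: int) -> bytes:
        # Emit only hash output derived from the state, never the state
        # itself, then ratchet the state so earlier output cannot be
        # recovered from a later compromise of the pool.
        out = b""
        counter = 0
        while len(out) < nbytes:
            out += hashlib.sha256(b"out" + counter.to_bytes(4, "big") + self.state).digest()
            counter += 1
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return out[:nbytes]


HW_SOURCE = 0      # assumed id for the hardware RNG (e.g. rdrand)
OTHER_SOURCE = 1   # assumed id for an independent source (interrupt timing, etc.)


def conditioned(hw_sample: bytes, other_sample: bytes, nbytes: int = 32) -> bytes:
    """Hardware output conditioned in software together with a second source."""
    pool = Pool()
    pool.add(HW_SOURCE, hw_sample)
    pool.add(OTHER_SOURCE, other_sample)
    return pool.output(nbytes)


if __name__ == "__main__":
    # Constructed samples standing in for what the two sources would deliver.
    hw = bytes(range(32))
    other = b"constructed timing jitter sample"
    print("raw        :", raw_passthrough(hw).hex())
    print("conditioned:", conditioned(hw, other).hex())
```

With the pass-through, a hardware source that is backdoored or simply defective reaches userland unchanged; with the pool, an attacker who knows every hardware sample still has to know the second source to predict the output, which is the property the "excessive" extra conditioning buys.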


