cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar

Richard Coleman richardcoleman at
Sat Apr 10 11:40:04 PDT 2004

Mark Murray wrote:

> Bruce M Simpson writes:
>>>Actually, I have. I read it again, now, to be sure. Nothing it says
>>>suggests that what I did here is a "huge mistake". Nearest I get is
>>>the suggestion that the output from the on-chip RNG is used as a
>>>source for a hash function (like Yarrow). I feel that is overkill,
>>>and that the output of the on-chip RNG is sufficient.
>>I'm inclined to trust your judgement here on this, Mark, but Nate does
>>have a valid point; we need to be sure that the entropy sources are of
>>sufficiently high quality or we risk compromising the system.
>>If you could cite some independent tests for the VIA C3 on-chip RNG
>>that would be very helpful to all.
> How about Nate's paper? It gives the VIA C3 a very high assessment WRT
> the quality of the entropy delivered.
> If it is felt that further whitening of the VIA C3 RNG is needed,
> then I believe that Yarrow would be overkill, and that a much smaller
> hash function will be sufficient.
> M
> --
> Mark Murray

What do you have in mind?  AES is already one of the faster ciphers
around.  You could reduce the number of rounds used for AES, but it
would be hard to estimate the cryptographic strength.

Richard Coleman
richardcoleman at
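As an added illustration of the "smaller hash function" whitening option discussed in this thread (this is example code, not anything from the FreeBSD tree or from the participants), the block below feeds a constructed, deliberately biased bit source standing in for raw on-chip RNG output through a hash conditioner and compares a monobit statistic before and after; SHA-256 is assumed here as the hash, and the bias value and block sizes are assumptions.

```python
import hashlib
import math
import random


def biased_source(n_bytes, p_one=0.6, seed=1234):
    """Constructed stand-in for raw on-chip RNG output whose bits lean toward 1."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(n_bytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        out.append(byte)
    return bytes(out)


def ones_fraction(data):
    """Monobit check: fraction of 1 bits (0.5 is the unbiased ideal)."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def min_entropy_bits_per_bit(p_one):
    """Min-entropy of one biased bit; equals 1.0 only when p_one == 0.5."""
    return -math.log2(max(p_one, 1.0 - p_one))


def required_input_bits(out_bits, p_one):
    """Raw bits a conditioner must absorb to justify out_bits of output."""
    return math.ceil(out_bits / min_entropy_bits_per_bit(p_one))


def whiten(raw, in_block=64, out_len=32):
    """Hash conditioner: every in_block raw bytes -> out_len bytes of SHA-256."""
    out = bytearray()
    for i in range(0, len(raw) - in_block + 1, in_block):
        out += hashlib.sha256(raw[i:i + in_block]).digest()[:out_len]
    return bytes(out)


if __name__ == "__main__":
    raw = biased_source(8192)
    print("raw ones fraction:      %.4f" % ones_fraction(raw))
    print("raw bits needed per 256 output bits at p=0.6:",
          required_input_bits(256, 0.6))
    print("whitened ones fraction: %.4f" % ones_fraction(whiten(raw)))
```

The 2:1 fold (512 raw bits into 256 output bits) is only defensible because the assumed bias still leaves roughly 377 bits of min-entropy per block; a monobit statistic near 0.5 after hashing says nothing about the source's quality on its own, which is why independent characterisation of the raw source matters.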
