cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar

Mark Murray mark at
Sat Apr 10 15:10:32 PDT 2004

Sam Leffler writes:
> On Apr 10, 2004, at 1:54 AM, Mark Murray wrote:
> > If it is felt that further whitening of the VIA C3 RNG is needed,
> > then I believe that Yarrow would be overkill, and that a much
> > smaller hash function will be sufficient.
> Unless I misread the paper it seemed very clear in stating that you
> need to post-process the h/w RNG.  I run all my h/w entropy sources
> through the rndtest module (FIPS-140 testing) and frequently see that
> h/w entropy sources are not to be trusted (note that rndtest samples
> the entropy and that the FIPS test suite is far less stringent than
> the testing done in the papers).

I'll look at putting a low-overhead entropy-pool-stirrer after the C3

> I have not had time to review Marks changes but I agree with Nate
> that h/w entropy sources should not be trusted and some form of
> post-processing must be done.  Whether this is Yarrow or something
> else is unclear but the papers cited did a thorough analysis while all
> I've seen from Mark are statements that he believes these sources are
> good.  When it comes to stuff like this I believe strongly in taking a
> conservative approach.

Actually, the paper that Nate pointed at said that each bit of entropy
that the C3 RNG supplied delivered between 2/3 and nearly 1 bit of
"good" randomness. If the on-chip whitener was on, then "0.99 bits per
bit supplied" (my paraphrase) was given.

Still, opinion seems to be in favour of further postprocessing, so I'll
do it.

Mark Murray
iumop ap!sdn w,I idlaH

More information about the cvs-src mailing list