cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar

Nate Lawson nate at
Sat Apr 10 15:55:41 PDT 2004

On Sat, 10 Apr 2004, Mark Murray wrote:
> Richard Coleman writes:
> > > If it is felt that further whitening of the VIA C3 RNG is needed,
> > > then I believe that Yarrow would be overkill, and that a much smaller
> > > hash function will be sufficient.
> >
> > What do you have in mind?  AES is already one of the faster ciphers
> > around.  You could reduce the number of rounds used for AES, but it
> > would be hard to estimate the cryptographic strength.
> The C3 chip has AES on board, so something like this may do the trick:
> key = C3RNG();
> seed ^= C3RNG(); /* seed is static */
> output = encryptAES(key, seed);

How much assurance is gained in designing a new PRNG that duplicates an
existing PRNG already available and is used with only one source of

> Cryptographic strength is of lesser importance here, as the key
> input is Very Nicely Random(tm), however AES's speed and spectral
> qualities make it a good choice. It is important to remember that
> the hash is purely there to destroy any trends/tendencies that the
> hardware generator may have, and for that purpose an LFSR may work
> just fine. The hash is a "Whitener", and its requirements here are
> that its output spectrum is flat.

An LFSR is not a cryptographic hash function.  Do not use one to implement


More information about the cvs-src mailing list