/dev/random
Peter Jeremy
peter at rulingia.com
Tue Aug 21 10:22:11 UTC 2012
On 2012-Aug-21 00:10:36 -0700, Doug Barton <dougb at FreeBSD.org> wrote:
>On 08/20/2012 15:55, Peter Jeremy wrote:
>> one in the VIA Nehemiah. VIA have published an independent evaluation
>> of their RNG which suggests it is a good source of entropy.
>
>I'm not sure what paper you're referring to, but according to the
>padlock programming guide it's a random number generator, not (directly)
>an entropy source. That said, it certainly *could* be used as an entropy
>source for yarrow.
I was referring to:
http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/evaluation_padlock_rng.pdf
>The way I see it, if padlock is available, there should be 3 options:
>
>1. Use it as the exclusive feed for /dev/random
This is currently the only option.
On 2012-Aug-21 12:17:52 +0400, Lev Serebryakov <lev at serebryakov.spb.ru> wrote:
>PJ> RNG. FreeBSD random(4) currently only supports one hardware RNG - the
>PJ> one in the VIA Nehemiah. VIA have published an independent evaluation
> But `man glxsb' says, for example, that its hardware RNG is used to
>harvest entropy...
On 2012-Aug-21 08:33:48 +0000, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
>I believe this is wrong: hifn7751.c also feeds Yarrow/random(4).
The random(4) man page (and my repetition of it) is somewhat
misleading here. The current random(4) code uses the VIA Nehemiah
Padlock (with a Davies-Meyer hash) if it's available, otherwise it
uses Yarrow. If Yarrow is selected, it uses a variety of entropy
sources (as available):
"Pure entropy" is regularly harvested from:
  glxsb(4), hifn(4), safe(4), ubsec(4), MIPS Octeon rnd(4)
  syscons(4) mouse and keyboard events
Various events controlled via kern.random.sys.harvest sysctls:
  kern.random.sys.harvest.ethernet (default enabled)
    incoming ethernet packets
  kern.random.sys.harvest.point_to_point (default enabled)
    packets written to tun(4), netgraph receive hook
  kern.random.sys.harvest.interrupt (default enabled):
    adv(4), adw(4), aha(4), ahb(4), ahci(4), aic(4), amr(4), asr(4),
    ata(4), bm(4), bt(4), cuda(4), dpt(4), fdc(4), glc(4), ida(4),
    isp(4), mlx(4), mly(4), mpt(4), mvs(4), ncr(4), ncv(4), nsp(4),
    pmu(4), ps3cdrom(4), ps3disk(4), pst(4), siis(4), stg(4), sym(4),
    twe(4), vtblk(4), wds(4)
  kern.random.sys.harvest.swi (default disabled)
    Not currently used (or supported)
Note that there's also a rndtest(4) device that can monitor the output
from hifn(4), safe(4) and ubsec(4).
>That said, purely on principle I'm with Ben here: All sources of
>entropy should be fed to Yarrow by default.
The only reason I can think of for bypassing Yarrow would be to
increase the rate at which you can read bits from /dev/random.
On 2012-Aug-21 11:43:15 +0300, Konstantin Belousov <kostikbel at gmail.com> wrote:
>The question should become much more practical in the short term,
>since IvyBridge has supposedly high-quality RNG in CPU (uncore).
Someone(TM) just needs to copy implement the relevant code.
--
Peter Jeremy
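
Added example, not part of the original message or of FreeBSD's own code: a small audit of the kern.random.sys.harvest knobs against the defaults listed in the message above. The function names and the sample input are constructed for illustration, and the script assumes sysctl's usual "name: value" output format.

```shell
#!/bin/sh
# Defaults as given in the message above (random(4) with Yarrow selected).
HARVEST_DEFAULTS="ethernet=1 point_to_point=1 interrupt=1 swi=0"

# audit_harvest (hypothetical helper): reads `sysctl kern.random.sys.harvest`
# output on stdin and prints one line per knob:
#   "<knob> <value> default|CHANGED"   or   "<knob> - MISSING"
audit_harvest() {
    input=$(cat)
    for pair in $HARVEST_DEFAULTS; do
        knob=${pair%%=*}
        want=${pair#*=}
        # Match the full sysctl name exactly, then take the value after ": ".
        got=$(printf '%s\n' "$input" |
            awk -F': *' -v n="kern.random.sys.harvest.$knob" \
                '$1 == n { print $2; exit }')
        if [ -z "$got" ]; then
            echo "$knob - MISSING"
        elif [ "$got" = "$want" ]; then
            echo "$knob $got default"
        else
            echo "$knob $got CHANGED"
        fi
    done
}

# enabled_count (hypothetical helper): number of harvest knobs set to 1.
# The "pure entropy" devices and syscons(4) events are not behind these
# knobs, so a count of 0 does not by itself mean Yarrow gets no input.
enabled_count() {
    audit_harvest | awk '$2 == 1 { n++ } END { print n + 0 }'
}

# Constructed sample: a host where interrupt harvesting was switched off.
SAMPLE='kern.random.sys.harvest.ethernet: 1
kern.random.sys.harvest.point_to_point: 1
kern.random.sys.harvest.interrupt: 0
kern.random.sys.harvest.swi: 0'

if [ "${1:-}" = "--live" ]; then
    # On a FreeBSD system that exposes this sysctl tree.
    sysctl kern.random.sys.harvest | audit_harvest
else
    printf '%s\n' "$SAMPLE" | audit_harvest
fi
```

Run with --live on a host that has the kern.random.sys.harvest tree; without arguments it audits the constructed sample.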