random(4) plugin infrastructure for mulitple RNG in a modular fashion
Mark R V Murray
mark at grondar.org
Mon Aug 19 07:14:09 UTC 2013
On 19 Aug 2013, at 08:09, Warner Losh <imp at bsdimp.com> wrote:
>> Besides Yarrow and Fortuna mixers, we could then
>> offer a "null mixer" option that selected the single
>> "best" entropy source and passed it directly through.
>
> I'm still wondering why timecounters aren't the right model to follow here, where you can have several compiled into the kernel and the one with the best score wins.
How would they get a score, and how would it be decided which is better? How is the score "calibrated"?
>> Users could compile the null mixer into the kernel
>> and load a single HW RNG driver to have precise
>> control over /dev/random. Interrupt harvesting would
>> be the lowest-quality source as a fall back.
>>
>> In particular, this has a reasonable failure mode if
>> someone built a kernel with only a single HW entropy
>> source and the null mixer:
>> * On hardware with that source, they would get
>> full-speed HW entropy.
>> * On hardware without that source, they would get
>> the old blocking /dev/random that we had before
>> Yarrow, the one that used only interrupt harvesting.
>
> Assuming there was enough interrupt entropy to generate bits…
See Ferguson & Schneier on this (qv my follow-up).
M
--
Mark R V Murray
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 353 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20130819/2107a071/attachment.sig>
More information about the freebsd-arch
mailing list