So much entropy it's coming out of our ears?
mark at grondar.org
Thu Aug 5 00:36:02 PDT 2004
Sam Leffler writes:
> Virtually all performance-sensitive installations will disable entropy
> gathering through fast paths. I've suggested for a long time that this sort
> of collection should be enabled only under dire circumstances and never by
> default. Regardless, the last time I looked at the entropy harvesting it used
> a model where entropy was unilaterally sent for harvest and discarded when too
> plentiful. I term this the "push model". I've advocated a "pull model"
> where the PRNG requests entropy when a low water mark is hit and/or a hybrid
> scheme where producers have some sort of flow control or feedback mechanism.
Yarrow is not conducive to "water-mark" type flow-control, but I'm looking
at replacing Yarrow with Fortuna (code at an advanced stage). This should
improve things all-round.
> Everything that goes on inside the PRNG is a separate issue.
iumop ap!sdn w,I idlaH
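The "push" and "pull" harvesting models discussed in this message, as an added toy simulation in C: it is not FreeBSD, Yarrow or Fortuna code, and it comes from neither poster. All names, the queue size and the water marks are constructed for illustration.

```c
#include <stdio.h>
#define QUEUE_MAX 8  /* constructed: capacity of the harvest queue */
#define LOW_WATER 2  /* constructed: level at which the PRNG asks for more */
#define HIGH_WATER 6 /* constructed: level at which it stops asking */
struct stats { unsigned sampled, queued, dropped, skipped; };
struct harvester {
    unsigned level;   /* harvested events waiting for the PRNG */
    int want_entropy; /* feedback flag, read by producers */
    struct stats st;
};
/* Producer fast path, called once per event (interrupt, packet, ...). */
static void harvest_event(struct harvester *h, int use_feedback)
{
    if (use_feedback && !h->want_entropy) {
        h->st.skipped++; /* pull model: one flag test, no sampling work */
        return;
    }
    h->st.sampled++; /* the cost of taking the sample is paid here */
    if (h->level >= QUEUE_MAX) {
        h->st.dropped++; /* push model: work done, result discarded */
        return;
    }
    h->level++; h->st.queued++;
    if (h->level >= HIGH_WATER) h->want_entropy = 0;
}
/* The PRNG drains one event and raises the flag at the low-water mark. */
static void prng_consume(struct harvester *h)
{
    if (h->level > 0) h->level--;
    if (h->level <= LOW_WATER) h->want_entropy = 1;
}
/* Run `events` producer events; the PRNG consumes after every `every`-th. */
static struct stats simulate(int use_feedback, unsigned events, unsigned every)
{
    struct harvester h = { 0, 1, { 0, 0, 0, 0 } };
    for (unsigned i = 1; i <= events; i++) {
        harvest_event(&h, use_feedback);
        if (i % every == 0) prng_consume(&h);
    }
    return h.st;
}
int main(void)
{
    struct stats a = simulate(0, 1000, 10), b = simulate(1, 1000, 10);
    printf("push: sampled=%u dropped=%u\n", a.sampled, a.dropped);
    printf("pull: sampled=%u dropped=%u\n", b.sampled, b.dropped);
    return 0;
}
```

With 1000 events and one consume per 10 events, the push run samples all 1000 and discards 893 of them, while the flagged run samples 102 and discards none.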
More information about the freebsd-current