RNG implementations and their problems
Paul Hoffman
paul.hoffman at vpnc.org
Sun Dec 4 19:37:37 EST 2005
At 10:54 PM -0600 12/3/05, Travis H. wrote:
>I'm dissatisfied with the state of /dev/random devices on Unix.
Depends on what you mean by "Unix". FreeBSD 5 and 6 have much of what you want.
>So far I haven't seen any userland tools for updating the entropy count.
From 'man 4 random':
If the device is using the software generator, writing data to random
would perturb the internal state. This perturbation of the internal
state is the only userland method of introducing extra entropy into the
device. If the writer has superuser privilege, then closing the device
after writing will make the software generator reseed itself. This can
be used for extra security, as it immediately introduces any/all new
entropy into the PRNG.
>The entropy harvesting and estimation code is bound too tightly to the
>entropy pool.
>
>It is in kernelspace so cannot do floating point, like measuring
>chi-square or Shannon entropy to estimate the amount of randomness.
The software random device may be controlled with sysctl(8).
To see the devices' current settings, use the command line:
sysctl kern.random
which results in something like:
kern.random.sys.seeded: 1
kern.random.sys.burst: 20
kern.random.sys.harvest.ethernet: 0
kern.random.sys.harvest.point_to_point: 0
kern.random.sys.harvest.interrupt: 0
kern.random.yarrow.gengateinterval: 10
kern.random.yarrow.bins: 10
kern.random.yarrow.fastthresh: 100
kern.random.yarrow.slowthresh: 160
kern.random.yarrow.slowoverthresh: 2
(These would not be seen if a hardware generator is present.)
All settings are read/write.
Thus, you can do your own calculations and change the parameters to
your heart's content (assuming you have root privs).
(...Other Linux-specific complaints elided...)
--Paul Hoffman, Director
--VPN Consortium
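The man page excerpt and the sysctl discussion above together describe the userland loop FreeBSD allows: do the floating-point estimation the kernel harvester cannot, then write the candidate seed into the random device and close it. The following is an added example of that loop, not code from the man page, from FreeBSD, or from either poster. It computes the Shannon entropy and chi-square statistic of a candidate buffer and writes it to the device only if both pass; the threshold values, the `looks_random` helper and the `/dev/random` path are assumptions chosen for illustration, not anything the post specifies.

```python
"""Userland entropy checks for data about to be fed into the random device.

Added example (not from the man page or the post): estimates the Shannon
entropy and chi-square statistic of a candidate seed buffer, the kind of
floating-point calculation a kernel harvester cannot do, and writes the
buffer to the random device only if it passes. Thresholds and the device
path are assumptions for illustration.
"""
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform distribution over the 256
    byte values. For a uniform source the expected value is close to the
    255 degrees of freedom; very large values mean a skewed source."""
    if not data:
        return float("inf")
    expected = len(data) / 256.0
    counts = Counter(data)
    return sum(((counts.get(b, 0) - expected) ** 2) / expected
               for b in range(256))


def looks_random(data: bytes, min_entropy: float = 7.9,
                 max_chi: float = 340.0) -> bool:
    """Crude acceptance test. The thresholds are assumed values suited to a
    few KiB of input; tune them to the sample size actually collected."""
    return shannon_entropy(data) >= min_entropy and chi_square(data) <= max_chi


def seed_random_device(data: bytes, device: str = "/dev/random") -> int:
    """Write data to the random device and close it. On FreeBSD, closing the
    device after a write as the superuser makes the software generator
    reseed (see man 4 random). Returns the number of bytes written and
    refuses (ValueError) input that fails the entropy checks, so a broken
    external source cannot silently feed the pool with structured data."""
    if not looks_random(data):
        raise ValueError("candidate seed failed entropy checks; not written")
    fd = os.open(device, os.O_WRONLY)
    try:
        return os.write(fd, data)
    finally:
        os.close(fd)  # close triggers the reseed on FreeBSD when run as root


if __name__ == "__main__":
    # Stand-in for an external entropy source (constructed sample input).
    candidate = os.urandom(4096)
    print(f"entropy={shannon_entropy(candidate):.3f} bits/byte "
          f"chi2={chi_square(candidate):.1f}")
    print("bytes written:", seed_random_device(candidate))
```

Run it as root on FreeBSD for the reseed-on-close behaviour the man page describes; as an ordinary user the write only perturbs the pool state. The acceptance test is deliberately simple: a source that passes it can still be predictable (a counter has maximal Shannon entropy over 256 steps), so it guards against gross failures such as a stuck source, not against a cleverly structured one.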
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com