RNG implementations and their problems

Paul Hoffman paul.hoffman at vpnc.org
Sun Dec 4 19:37:37 EST 2005


At 10:54 PM -0600 12/3/05, Travis H. wrote:
>I'm dissatisfied with the state of /dev/random devices on Unix.

Depends on what you mean by "Unix". FreeBSD 5 and 6 have much of what you want.

>So far I haven't seen any userland tools for updating the entropy count.

From 'man 4 random':
      If the device is using the software generator, writing data to random
      would perturb the internal state.  This perturbation of the internal
      state is the only userland method of introducing extra entropy into the
      device.  If the writer has superuser privilege, then closing the device
      after writing will make the software generator reseed itself.  This can
      be used for extra security, as it immediately introduces any/all new
      entropy into the PRNG.

>The entropy harvesting and estimation code is bound too tightly to the
>entropy pool.
>
>It is in kernelspace so cannot do floating point, like measuring
>chi-square or Shannon entropy to estimate the amount of randomness.

      The software random device may be controlled with sysctl(8).

      To see the devices' current settings, use the command line:

            sysctl kern.random

      which results in something like:

            kern.random.sys.seeded: 1
            kern.random.sys.burst: 20
            kern.random.sys.harvest.ethernet: 0
            kern.random.sys.harvest.point_to_point: 0
            kern.random.sys.harvest.interrupt: 0
            kern.random.yarrow.gengateinterval: 10
            kern.random.yarrow.bins: 10
            kern.random.yarrow.fastthresh: 100
            kern.random.yarrow.slowthresh: 160
            kern.random.yarrow.slowoverthresh: 2

      (These would not be seen if a hardware generator is present.)

      All settings are read/write.

Thus, you can do your own calculations and change the parameters to 
your heart's content (assuming you have root privs).

(...Other Linux-specific complaints elided...)

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
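As an added example (not code from this thread, from FreeBSD, or from the random(4) man page), here is a userland C program that does the two things the reply points at: it estimates the quality of a sample in floating point (Shannon entropy and a chi-square against uniform bytes, which the in-kernel harvester cannot compute), then writes the sample into /dev/random and closes the descriptor so that, on FreeBSD and when run as root, the software generator reseeds. The sample file argument, the 4 KiB sample size, the /dev/random path and the sysctlbyname read-back are my choices; the sysctl name kern.random.sys.seeded is taken from the man page output quoted above and is compiled only on FreeBSD, since later releases renamed these knobs. The binary log is hand-rolled so the file links with a bare cc; everything else is plain POSIX.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/sysctl.h>
#endif

/* Byte-value histogram of a sample. */
static void histogram(const unsigned char *buf, size_t len, unsigned long cnt[256])
{
    memset(cnt, 0, 256 * sizeof cnt[0]);
    for (size_t i = 0; i < len; i++)
        cnt[buf[i]]++;
}

/* log2(x) for 0 < x <= 1: integer part by doubling, fraction by repeated
   squaring. Written out so the program links without -lm. */
static double log2_unit(double x)
{
    double result = 0.0, bit = 0.5;
    while (x < 1.0) { x *= 2.0; result -= 1.0; }   /* now 1 <= x < 2 */
    for (int i = 0; i < 52; i++) {
        x *= x;
        if (x >= 2.0) { x /= 2.0; result += bit; }
        bit *= 0.5;
    }
    return result;
}

/* Shannon entropy of the byte distribution, in bits per byte (0.0 .. 8.0). */
double shannon_bits_per_byte(const unsigned char *buf, size_t len)
{
    unsigned long cnt[256];
    double h = 0.0;
    if (len == 0) return 0.0;
    histogram(buf, len, cnt);
    for (int v = 0; v < 256; v++) {
        if (cnt[v] == 0) continue;
        double p = (double)cnt[v] / (double)len;
        h -= p * log2_unit(p);
    }
    return h;
}

/* Chi-square statistic of the byte counts against a uniform distribution
   (255 degrees of freedom). Uniform data scores near 255; an all-zero
   sample scores enormously higher. */
double chi_square_bytes(const unsigned char *buf, size_t len)
{
    unsigned long cnt[256];
    double expected, chi = 0.0;
    if (len == 0) return 0.0;
    histogram(buf, len, cnt);
    expected = (double)len / 256.0;
    for (int v = 0; v < 256; v++) {
        double d = (double)cnt[v] - expected;
        chi += d * d / expected;
    }
    return chi;
}

/* Write a sample into the random device and close it. Per random(4) on
   FreeBSD the write perturbs the software generator's state, and if the
   caller is root the close makes it reseed. Returns 0 on success, -1 on error. */
int feed_random(const char *dev, const unsigned char *buf, size_t len)
{
    int fd = open(dev, O_WRONLY);
    size_t off = 0;
    if (fd < 0) return -1;
    while (off < len) {
        ssize_t n = write(fd, buf + off, len - off);
        if (n < 0) { close(fd); return -1; }
        off += (size_t)n;
    }
    return close(fd) == 0 ? 0 : -1;
}

#ifdef __FreeBSD__
/* Read kern.random.sys.seeded back; the name is from the 2005-era man page
   output quoted in the thread and differs on newer releases. */
static int random_seeded(void)
{
    int seeded = 0;
    size_t sz = sizeof seeded;
    if (sysctlbyname("kern.random.sys.seeded", &seeded, &sz, NULL, 0) < 0)
        return -1;
    return seeded;
}
#endif

int main(int argc, char **argv)
{
    unsigned char buf[4096];
    size_t len;
    FILE *f;
    if (argc != 2) { fprintf(stderr, "usage: %s sample-file\n", argv[0]); return 2; }
    if ((f = fopen(argv[1], "rb")) == NULL) { perror(argv[1]); return 1; }
    len = fread(buf, 1, sizeof buf, f);
    fclose(f);
    /* The estimate is for the operator's accounting: mixing a weak sample in
       does not reduce what the pool already holds, but only a good one makes
       the root-triggered reseed worth anything. */
    printf("sample: %zu bytes, %.3f bits/byte, chi-square %.1f\n",
           len, shannon_bits_per_byte(buf, len), chi_square_bytes(buf, len));
    if (feed_random("/dev/random", buf, len) != 0) { perror("/dev/random"); return 1; }
#ifdef __FreeBSD__
    printf("kern.random.sys.seeded = %d\n", random_seeded());
#endif
    return 0;
}
```

Run it as root against a file captured from whatever external source you trust (a hardware RNG, a sound card, a remote entropy server) to get the immediate reseed the man page describes; as an unprivileged user the write still perturbs the state but the close does not force a reseed.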
