Aloha!

Fabio Pietrosanti (naif) wrote:
> I found such a very nice piece of software that's said to provide
> added entropy using HAVEGE algorithm:
> http://www.issihosts.com/haveged/
> http://www.irisa.fr/caps/projects/hipsor/

Yes. I've done some testing of Havege. I generated ~100 MByte of data and tested it with Dieharder. Data generated on late x86-64 arch yielded good quality random numbers. Havege generates entropy in good quantity and the entropy source does not depend on an external physical source.

I have concerns though on embedded SSL stacks that use Havege as an entropy source on MCUs such as AVR32 and ARM. Havege is based on the assumption that instruction execution varies and tries to force cache misses to increase execution variance by forcing hitting all levels in the cache hierarchy including main store. But on RISC architectures with few or no levels of cache memories this assumption does not hold. Note that I have not yet tested Havege on these architectures though.

Also, the entropy estimator supplied with Havege is (was) broken. We tested Havege in a system simulator where we could manipulate/force the TSC which means that Havege generated predictable values. The estimator happily reported good entropy.

On an x86-based server you can use Havege, but use it to feed /dev/random, not as an RNG directly. The same goes for Jytter.

-- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
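
The estimator failure described in the message above can be reproduced in miniature. This is an added example, not part of the original post and not HAVEGE or its estimator: `toy_collector`, `forced_counter` and `shannon_bits_per_byte` are hypothetical names, and the forced counter is a constructed stand-in for a TSC controlled by a simulator.

```python
import hashlib
import math
from collections import Counter


def forced_counter(start=0, step=97):
    """Constructed stand-in for a simulator-controlled TSC: fully deterministic."""
    value = start

    def read():
        nonlocal value
        value += step
        return value

    return read


def toy_collector(read_counter, nbytes):
    """Toy timing-based collector (NOT the HAVEGE algorithm).

    Hashes successive counter deltas into a pool and emits the pool state.
    """
    pool = b"\x00" * 32
    out = bytearray()
    last = read_counter()
    while len(out) < nbytes:
        now = read_counter()
        delta = (now - last).to_bytes(8, "little")
        pool = hashlib.sha256(pool + delta).digest()
        last = now
        out += pool
    return bytes(out[:nbytes])


def shannon_bits_per_byte(data):
    """Naive statistical estimator: Shannon entropy of the byte histogram."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def demo(nbytes=1 << 16):
    """Run the collector twice on the forced counter; return (estimate, identical)."""
    run_a = toy_collector(forced_counter(), nbytes)
    run_b = toy_collector(forced_counter(), nbytes)
    return shannon_bits_per_byte(run_a), run_a == run_b


if __name__ == "__main__":
    bits, identical = demo()
    print(f"estimated bits/byte: {bits:.3f}, runs identical: {identical}")
```

The estimate comes out close to 8 bits per byte even though both runs produce the same bytes, because an estimator that only looks at the output cannot tell whether the timing input was ever unpredictable.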
