On 19 July, 2013 - KheOps wrote: > Hey, > > Le 19/07/2013 14:22, Petter Ericson a écrit : > >> Just came accross this article, apparently showing the bad quality of > >> the hardware RNG in Raspberri Pi devices. > >> > >> http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/ > > > > I see nothing in the blog post indicating that the random data from the > > Pi HW is bad. Rather, he uses that to show how good random data should look, > > after which he implements RANDU to show how _not_ to do it. > > > > I have seen this being posted here and there as a "look, Pi HWrand bad" > > thing, but I have to wonder how many actually read the blog post, > > considering > > he even ran rngtest for a thousand runs with no failures on the output of > > /dev/hwrng > > I might have read it and concluded too fast, and yes obviously he shows > how another implementation is failing. > > But I see this: > sudo cat /dev/hwrng | rngtest -c 1000 > which for me refers to the previously installed driver for RasPi > > and then he says: "We were lucky that none of the tests failed for that > run; sometimes there are a few failures. RANDU, on the other hand fares > very badly" > > Meaning that RANDU is really bad whereas the RasPi one would be ... > better but still failing to pass some tests in some occasions?
You raise a good point. I must admit ignorance in regards to the specifics of linux, HWRNGs, /dev/hwrng and /dev/random, but my personal guess would be that /dev/hwrng supplies true random values, while /dev/random is the place to look for properly hashed and checked random output. Having true random values fail a FIPS-140 test is definitely not out of the realm of possibility, though I have no idea how common it would be. It might be a good idea to do some digging around the components and source code, though. If for no other reason than it always is. Best /P -- Petter Ericson ([email protected]) Telecomix Sleeper Jellyfish -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
