On Fri, Jul 19, 2013 at 01:17:51PM +0100, Michael Rogers wrote: > On 19/07/13 13:03, KheOps wrote: > > Just came accross this article, apparently showing the bad quality > > of the hardware RNG in Raspberri Pi devices. > > > > http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/ > > > > Quite interesting since (pseudo-) random numbers are heavily used > > in crypto. Interesting also to see another post on this topic, > > after the study of a random number generation procedure formerly > > used in Cryptocat and that was also problematic. > > Is that what the article shows? Looks to me like the Raspberry Pi's > hardware RNG (/dev/hwrng) is being held up as an example of 'good > randomness' in contrast to the RANDU algorithm's 'bad randomness'.
Regardless of the quality of the HW RNG on RPI, it's not good to expose the entropy directly to userspace in /dev/hwrng. Rather, the RPI kernel should mix the entropy into the kernel entropy pool and apps should use /dev/random to get high-quality entropy mixed from all available entropy sources. That way even if an attacker has a backdoor to the HW RNG, the user still has a second line of defense due to the other unpredictable data mixed into the same pool. -andy -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
