On 07/03/14 01:06, Sandy Harris wrote: > On Tue, Jul 1, 2014 at 7:14 AM, Corentin LABBE > <clabbe.montj...@gmail.com> wrote: > >> I am writing the PRNG driver for the Allwinner Security System SoC A20. > > The datasheet my search turned up (v1, Feb. 2013) just says: "160-bit > hardware PRNG with 192-bit seed" and gives no other details. Do you > have more info, perhaps from a more recent version or talking to the > company?
The datasheet I used give some register info, just enough for having some "random" number out of the device. > >> I didn't know how to test it, so ... > > Unless you have much more info, I see no point in enabling it or > writing a driver. You need a true hardware RNG to seed it, so you need > random(4) /dev/random anyway and can just use /dev/urandom for PRNG > requirements. > > Using this device might have an advantage if it is much faster or less > resource-hungry than urandom, but I see nothing in its documentation > that indicates it is. Anyway, do your applications need that? And, if > so, would an application-specific PRNG be better yet? > > Then there is the crucial question of trusting the device. Kerckhoff's > Principle > (http://en.citizendium.org/wiki/Kerckhoffs%27_Principle) > has been a maxim for cryptographers since the 19th century; no-one > should even consider trusting it until full design details are made > public and reviewed. > > Even then, there might be serious doubts, since hardware can be very > subtly sabotaged and an RNG is a tempting target for an intelligence > agency. > (http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/) > That article discusses Intel and the NSA, but similar worries apply > elsewhere. Allwinner is a fabless company, so you also need to worry > about whatever fab they use. > The question of trusting is the reason that my preliminary driver made the PRNG optionnal and I think the next version will be without it. But for people who do not care (or do not have a real RNG requirement), the output speed is better than /dev/urandom Here is a comparison of the output speed of rng-test: with /dev/urandom rngtest: input channel speed: (min=623.523; avg=17402.670; max=3906250.000)Kibits/s with /dev/hwrng and ss-rng/sunxi-ss loaded rngtest: input channel speed: (min=1.193; avg=113.604; max=4768.372)Mibits/s So an average speed gain of x5 Apart from trusting, does the results of rng-test are good enough ? Thanks for your answer Regards -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
