Kevin Chadwick <[email protected]> wrote: > I was looking at this entropy gatherer (havege) and was wondering if > OpenBSD uses any similar techniques? > > www.irisa.fr/caps/projects/hipsor/
Broadly speaking, yes. "HAVEGE combines on-the-fly hardware volatile entropy gathering with pseudo-random number generation." This is the way all practical random number generators now work, including OpenBSD's kernel one, Yarrow as implemented e.g. by FreeBSD, or even Intel's on-chip Bull Mountain. I don't want to sound too disparaging of the HAVEGE people, but once you cut through the bluster, what remains is that they use the processor cycle counter as their sole source of entropy, which they then feed into their own deterministic pseudo-random number generator. I suspect their choice of entropy source will not find general approval *cough, cough*, and rather than designing your own PRNG to stretch the randomness, you can do what OpenBSD and Intel did and just use an off-the-shelf cryptographic stream cipher. -- Christian "naddy" Weisgerber [email protected]
