On Thu, 29 Jul 2004, Andy Polyakov wrote:

> >>>> Note that 3rd argument to padlock_xstore is no longer void ** and second
> >>>> argument to more diverse, 1 and 3.
> >>>
> >>> I read somewhere that with edx=3 the RNG gives the "best" random
> >>> numbers.
> >>
> >> Well, it's most "wasty" that's for sure:-) I mean it seems to compress 8
> >> bytes to 8 bits.
> >
> > Wasty ... maybe. But you usually need not too many bytes with a good
> > entropy instead of a fast flow of numbers with poor entropy. How about
> > using the "slow" variant as RNG and the fast one as PRNG? There are
> > different entries for both in the RAND_METHOD structure.
>
> I'm actually leaning toward the opinion to #if 0 the RNG at the initial
> commit to CVS. The evaluation report (at the VIA site) maintains that edx=3
> should be used for non-secure applications [such as Monte Carlo
> simulations]. For cryptographic applications they recommend pooling values
> collected with edx=0 and whitening them with a secure hash. For all
> applications they explicitly discourage the rep prefix and recommend
> thoroughly checking the returned eax after each xstore instruction.
> Another concern is that registering a RAND_METHOD has a "usurping" effect
> on RAND_bytes, and the proposed code provides no error control whatsoever.
> In other words, in my opinion further consideration is required... Shall
> we settle for this for now?
Well ... yes. The RNG is not that critical (although it's a loss not to use
it when it is there). But go ahead with the CVS commit without the RNG.

> I also wonder if you have any hints on what one should look for if one
> wants to build a system based on this CPU? Particular CPU models
> (steppings to avoid), motherboards (would any socket 370 board do?),
> cooling required... Stuff like that...
>
> A.

ACE is available in VIA Nehemiah stepping 8 and higher. I have one such CPU
on a C3M266 board (socket 370) with a standard fan taken from an older
Athlon. I don't know if those cool mini-ITX boards with a passive cooler
are already available with this new Nehemiah. You should ask VIA or their
resellers for availability and requirements. All that I can recommend is
the correct stepping ;-)

Michal Ludvig
-- 
* A mouse is a device used to point at the xterm you want to type in.
* Personal homepage - http://www.logix.cz/michal
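The handling the evaluation report asks for, written up as an added example that is not code from this thread or from the OpenSSL PadLock engine: raw edx=0 output is pooled and whitened with SHA-256, the status word is checked after every single xstore (no rep prefix), and the wrapper fails closed instead of silently returning short or no data. The real engine is C; here the instruction is replaced by a callable so the logic runs anywhere, the status-word layout (byte count in bits 0-4, RNG-enabled flag in bit 6) is recalled from the VIA documentation and treated as an assumption, and the entropy credit per raw byte is an assumed conservative constant, not a measured figure.

```python
import hashlib
from typing import Callable, Tuple

# Assumed xstore status-word layout (recalled from VIA PadLock documentation,
# treated as an assumption here): bits 0-4 = bytes stored, bit 6 = RNG enabled.
XSTORE_COUNT_MASK = 0x1F
XSTORE_RNG_ENABLED = 1 << 6
MAX_EMPTY_RETRIES = 16          # give up if the RNG keeps returning 0 bytes

class PadlockPool:
    """Pool raw xstore output (edx=0) in SHA-256 and hand out whitened digests,
    checking the status word after every single call (no rep prefix)."""

    def __init__(self, xstore: Callable[[int], Tuple[int, bytes]],
                 bits_per_raw_byte: float = 2.0):
        self.xstore = xstore                  # xstore(edx) -> (eax, bytes)
        self.bits_per_raw_byte = bits_per_raw_byte  # assumed, conservative credit
        self.pool = hashlib.sha256()
        self.entropy_bits = 0.0

    def collect(self, want_bits: float) -> None:
        empty = 0
        while self.entropy_bits < want_bits:
            status, data = self.xstore(0)     # one xstore at a time, edx=0
            if not status & XSTORE_RNG_ENABLED:
                raise RuntimeError("PadLock RNG disabled, status=%#x" % status)
            n = status & XSTORE_COUNT_MASK
            if n == 0:                        # nothing available yet: retry
                empty += 1
                if empty > MAX_EMPTY_RETRIES:
                    raise RuntimeError("PadLock RNG not producing data")
                continue
            if n != 8 or len(data) != n:      # edx=0 must yield exactly 8 bytes
                raise RuntimeError("unexpected xstore byte count %d" % n)
            empty = 0
            self.pool.update(data)
            self.entropy_bits += n * self.bits_per_raw_byte

    def get_bytes(self, count: int) -> bytes:
        out = b""
        while len(out) < count:
            self.collect(256)                 # require 256 credited bits per digest
            out += self.pool.digest()         # whitened 32-byte block
            self.entropy_bits = 0.0
        return out[:count]

def make_fake_xstore(seed: int, status: int = XSTORE_RNG_ENABLED | 8):
    """Constructed stand-in for the instruction (deterministic, tests only)."""
    counter = [seed]
    def xstore(edx: int) -> Tuple[int, bytes]:
        counter[0] += 1
        return status, hashlib.sha256(counter[0].to_bytes(8, "little")).digest()[:8]
    return xstore
```

On real hardware the callable would wrap the xstore instruction and return the eax value it leaves behind; the stand-in only exercises the error paths.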
