Re: chip-level randomness?
On Wed, Sep 19, 2001 at 01:12:44AM -0700, Bram Cohen wrote:

> > not necessary in general case
>
> Since most applications reading /dev/random don't want random numbers anyway?

Here I meant exactly what you said about /dev/random religion. On the other hand, feeding /dev/random with the i810 during normal system operation is not a bad idea, as /dev/random is not a PRNG but a pool, which can be emptied if it is not fed enough from other semi-random events (interrupts, keyboard).

> At startup and with 200 bits of data would be fine. Of course, there's the religion of people who say that /dev/random output 'needs' to contain 'all real' entropy, despite the absolute zero increase in security this results in and the disastrous effect it can have on performance.

Ok, I get your point now. I'm not sure if reading a blocking device (i810) from the kernel is a very good idea, however. That's the sort of thing that is very well suited for userland, when the system goes multiuser and multiprocess.

Actually, it would be quite a good idea for the Linux distribution vendors to add a "dd if=/dev/intel_rng of=/dev/random bs=1k count=1" to the PRNG initialization scripts. If it fails, then you probably don't have an i810 and everything works the old way... Maybe it's even already done, as the author of the i810 daemon seems to be from MandrakeSoft.

--
Paweł Krawczyk *** home: http://ceti.pl/~kravietz/ security: http://ipsec.pl/ *** fidonet: 2:486/23

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: chip-level randomness?
On Mon, Sep 17, 2001 at 01:44:57PM -0700, Bram Cohen wrote:

> > What is important, it *doesn't* feed the built-in Linux kernel PRNG available in /dev/urandom and /dev/random, so you have either to only use the hardware generator or feed /dev/urandom yourself.
>
> That's so ... stupid. Why go through all the work of making the thing run and then leave it unplugged?

It's not that stupid, as feeding the PRNG from i810_rng at the kernel level would be resource intensive, not necessary in the general case, and would require inventing some defaults without any reasonable arguments to rely on, like how often to feed the PRNG, with how much data, etc.

On the other hand, the authors provide an `rngd' daemon, running in userland, that reads the i810_rng device and feeds the data into the kernel PRNG. It seems to be reasonably written, with all the possible caveats in mind, and you can control the feeding interval, block size and other parameters.

URI: http://sourceforge.net/project/showfiles.php?group_id=3242&release_id=28349

--
Paweł Krawczyk *** home: http://ceti.pl/~kravietz/ security: http://ipsec.pl/ *** fidonet: 2:486/23
Re: chip-level randomness?
On Sat, Sep 15, 2001 at 10:16:27AM -0700, Carl Ellison wrote:

> I'm told that the LINUX 2.4 kernel comes with the RNG driver built-in, but I haven't tried that.

It works almost out of the box: the kernel detects the chip, and if you have the necessary device file created (character 10,183 AFAIK) you can use it to read random data streams. It blocks sometimes when you read long blocks, but that's quite obvious, and it returns as soon as it collects enough data to satisfy your request.

What is important, it *doesn't* feed the built-in Linux kernel PRNG available in /dev/urandom and /dev/random, so you have either to only use the hardware generator or feed /dev/urandom yourself.

--
Paweł Krawczyk *** home: http://ceti.pl/~kravietz/ security: http://ipsec.pl/ *** fidonet: 2:486/23
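The three messages above describe the same loop from different angles: read a block from the blocking i810 device, then push it into the kernel pool, either once at boot ("dd if=/dev/intel_rng of=/dev/random bs=1k count=1") or continuously from a userland daemon such as rngd. The program below is an added example for this thread; it is neither code posted in the thread nor the rngd daemon it mentions. It does the feeder's job with two things the dd one-liner does not give you: a sanity check on the chip's output before it is trusted, and entropy credit via the RNDADDENTROPY ioctl. On Linux, a plain write(2) to /dev/random only mixes the bytes into the pool without raising the entropy estimate, so a reader blocked on /dev/random stays blocked; crediting is what actually "feeds" the pool in the sense the thread wants. The device path /dev/intel_rng, the 1 KB block, the monobit bound, and the 8-bits-per-byte credit are assumptions chosen for the example.

```c
/* Added example: minimal userland hardware-RNG feeder for the Linux pool.
 * Not from the thread and not rng-tools' rngd. Assumptions: device node
 * /dev/intel_rng, 1 KB blocks, monobit bound of +/- n/32, full 8-bit credit. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/random.h>     /* RNDADDENTROPY, struct rand_pool_info */
#endif
#ifndef RNDADDENTROPY         /* fallback so the example compiles without the header */
#define RNDADDENTROPY _IOW('R', 0x03, int[2])
#endif

#define HWRNG_DEV "/dev/intel_rng"   /* assumed node name for the i810 driver */
#define POOL_DEV  "/dev/random"
#define BLOCK     1024               /* one "dd bs=1k" block */

/* Layout-compatible with the kernel's struct rand_pool_info:
 * entropy_count is in bits, buf_size in bytes, then the data. */
struct pool_feed { int entropy_count; int buf_size; uint8_t buf[]; };

size_t ones_in(const uint8_t *buf, size_t n)
{
    size_t ones = 0;
    for (size_t i = 0; i < n; i++)
        for (uint8_t b = buf[i]; b; b >>= 1) ones += b & 1;
    return ones;
}

/* Monobit sanity check in the spirit of the FIPS 140-2 power-up test: accept
 * only if the one-bit count is within bits/32 of bits/2. For a 1 KB block that
 * is 4096 +/- 256, about 5.7 sigma for a fair source, so a healthy chip
 * practically never fails while a stuck or heavily biased one is rejected.
 * It is a plausibility filter, not evidence of cryptographic quality. */
int block_looks_random(const uint8_t *buf, size_t n)
{
    size_t bits = n * 8, ones = ones_in(buf, n);
    return ones >= bits / 2 - bits / 32 && ones <= bits / 2 + bits / 32;
}

/* Credit to claim for n bytes: 8 bits/byte trusts the chip completely;
 * a conservative deployment claims less (rngd-style daemons make it tunable). */
int credit_bits(size_t n, int bits_per_byte)
{
    return (bits_per_byte < 0 || bits_per_byte > 8) ? -1 : (int)(n * (size_t)bits_per_byte);
}

struct pool_feed *build_feed(const uint8_t *buf, size_t n, int bits_per_byte)
{
    struct pool_feed *f = malloc(sizeof *f + n);
    if (!f) return NULL;
    f->entropy_count = credit_bits(n, bits_per_byte);
    f->buf_size = (int)n;
    memcpy(f->buf, buf, n);
    return f;
}

/* The i810 device blocks until it has collected enough bytes, and read(2)
 * may still return short, so loop until the block is full. */
int read_full(int fd, uint8_t *buf, size_t n)
{
    for (size_t got = 0; got < n;) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

int feed_pool(int pool_fd, const uint8_t *buf, size_t n, int bits_per_byte)
{
    struct pool_feed *f = build_feed(buf, n, bits_per_byte);
    if (!f) return -1;
    int rc = ioctl(pool_fd, RNDADDENTROPY, f);   /* requires root (CAP_SYS_ADMIN) */
    free(f);
    return rc;
}

/* Offline self-check on constructed blocks; no hardware needed. */
int self_check(void)
{
    uint8_t blk[BLOCK];
    memset(blk, 0xAA, sizeof blk);                       /* exactly half ones */
    if (!block_looks_random(blk, sizeof blk)) return 0;
    memset(blk, 0x00, sizeof blk);                       /* stuck-at-zero chip */
    if (block_looks_random(blk, sizeof blk)) return 0;
    memset(blk, 0x01, sizeof blk);                       /* heavily biased chip */
    if (block_looks_random(blk, sizeof blk)) return 0;
    struct pool_feed *f = build_feed(blk, sizeof blk, 8);
    int ok = f && f->entropy_count == 8192 && f->buf_size == BLOCK;
    free(f);
    return ok;
}

int main(void)
{
    uint8_t blk[BLOCK];
    int hw = open(HWRNG_DEV, O_RDONLY);
    if (hw < 0) {   /* "you probably don't have i810": leave the pool alone */
        fprintf(stderr, "%s: %s; not feeding\n", HWRNG_DEV, strerror(errno));
        return 0;
    }
    if (read_full(hw, blk, sizeof blk) < 0) { perror("read"); return 1; }
    if (!block_looks_random(blk, sizeof blk)) { fputs("sanity check failed\n", stderr); return 1; }
    int pool = open(POOL_DEV, O_WRONLY);
    if (pool < 0 || feed_pool(pool, blk, sizeof blk, 8) < 0) { perror("RNDADDENTROPY"); return 1; }
    printf("credited %d bits from %zu bytes\n", credit_bits(sizeof blk, 8), sizeof blk);
    return 0;
}
```

Run once from an init script for the boot-time case the first message proposes, or wrap main's body in a sleep loop for an rngd-style daemon; the block size, interval and credit per byte are the same three knobs the thread says rngd exposes. The exit-0 path on a missing device keeps the "everything works the old way" behaviour: an absent chip must never turn into a boot failure.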