> It's a 64-bit counter, which we reduce to 32 bits. Since there is
> progressively less entropy in the higher bits of a counter than in
> the lower bits, it intuitively makes sense not just to do hi^lo,
> but to bit-reverse one half in order to extract maximal entropy,
> and on aarch64 bit
ok deraadt
Christian Weisgerber wrote:
> Mark Kettenis:
>
> > > Here is a cpu_rnd_messybits() implementation for arm64.
> > > It reads the virtual counter and xors it with a bit-reversed copy
> > > of itself.
> > >
> > > The virtual counter is used by the only timecounter implementation
> > >
> Date: Sat, 6 Jun 2020 00:30:51 +0200
> From: Christian Weisgerber
> Cc: tech@openbsd.org
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
>
> Mark Kettenis:
>
> > > Here is a cpu_rnd_messybits() implementation for arm64.
> > > It reads the virtual counter and xors it
Mark Kettenis:
> > Here is a cpu_rnd_messybits() implementation for arm64.
> > It reads the virtual counter and xors it with a bit-reversed copy
> > of itself.
> >
> > The virtual counter is used by the only timecounter implementation
> > used on arm64, so I assume it is generally available.
> >
> Date: Fri, 5 Jun 2020 23:27:13 +0200
> From: Christian Weisgerber
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
>
> Here is a cpu_rnd_messybits() implementation for arm64.
> It reads the virtual counter and xors it with a bit-reversed copy
> of itself.
>
> The
