|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Hardware RNG support for EM64T systems
From: Sam Leffler (sam
errno.com)
Date: Sun Feb 19 2006 - 11:44:13 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Steven M. Bellovin wrote:
> In message <20060219155115.GA29962panix.com>, Thor Lancelot Simon writes:
>
>> A major problem with our /dev/random implementation is that it obscures
>> the actual input data while doing no testing at all to ensure that it is
>> actually random. It is a very bad idea to leave known-questionable
>> sources -- particularly ones with high data rates -- connected to it!
>
> Some random number generators have a self-test mode that verifies that
> the device is working to at least some extent. Does this one?
>
> That said, the page you cite indicates that Linux (and possibly
> FreeBSD) run a FIPS randomness test on what they find. That's a very
> good idea in any event.
The thing about running a FIPS test is news to me :) Perhaps they are
thinking of the kernel module I did (based on Jason Wright's user-mode
test code) that interposes a FIPS tester between the entropy source and
the PRNG. That's optional but can be used to continuously validate
and/or monitor uncertain entropy sources for goodness--not that FIPS
tests are any great shakes in doing it but...
BTW the kernel module yields some interesting results for various h/w
RNG's (which is why I originally did it).
Sam
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]