Hello,

some time ago, before random(4) was rewritten for FreeBSD 5 by Mark Murray, we had rng, the i815 hardware random number generator. At this time, there were rumors about the quality of the randomness.

Now we have rdrand (BullMountain hardware random generator in IvyBridge), and Dual_EC_DRBG (NSA's NIST contribution) makes me wonder if quality is again something to worry about - although kib's commit message states:

"From the Intel whitepapers and articles about Bull Mountain, it seems that we do not need to perform post-processing of RDRAND results, like AES-encryption of the data with random IV and keys, which was done for Padlock. Intel claims that sanitization is performed in hardware."

When we use the software random device, one has great control over /dev/random with sysctl kern.random. Are there considerations to extend the HW-rng-implementation by optional post processing?

-Harry