Re: HW fed /dev/random

From: Mark R V Murray <mark_at_grondar.org>
Date: Wed, 11 Sep 2013 18:11:25 +0100
On 10 Sep 2013, at 19:13, Harald Schmalzbauer <h.schmalzbauer_at_omnilan.de> wrote:

> Hello,
> 
> some time ago, before random(4) was rewritten for FreeBSD 5 by Mark
> Murray, we had rng, the i815 hardware random number generator.
> At this time, there were rumors about the quality of the randomness.
> 
> Now we have rdrand (BullMountain hardware random generator in IvyBridge)
> and Dual_EC_DRBG (NSA's NIST contribution) makes me wonder if quality is
> again something to worry about - although kib's commit message states:
> „From the Intel whitepapers and articles about Bull Mountain, it seems
> that we do not need to perform post-processing of RDRAND results, like
> AES-encryption of the data with random IV and keys, which was done for
> Padlock. Intel claims that sanitization is performed in hardware.“
> 
> When we use the software random device, one has great control over
> /dev/random with sysctl kern.random.
> Are there considerations to extend the HW-rng-implementation by optional
> post processing?

Yes. This was discussed in Cambridge recently, and will no doubt be brought
up again in Malta. There are indeed plans to post-process the output of
rdrand.

M
-- 
Mark R V Murray
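The post-processing the thread talks about, as an added example that is not code from the thread or from FreeBSD's random(4): `rdrand_stub` is a hypothetical stand-in for reading the instruction, `pool_key` is assumed to be a secret drawn from the software pool, and HMAC-SHA256 stands in for the AES step the Padlock path used so the block runs with only the standard library.

```python
import hashlib
import hmac
import os

# Hypothetical stand-in for the RDRAND instruction (a real driver issues the
# instruction itself). fault=True simulates a broken or untrustworthy source
# that keeps returning the same word.
def rdrand_stub(nbytes: int, fault: bool = False) -> bytes:
    return b"\x42" * nbytes if fault else os.urandom(nbytes)

# Stuck-source check: flag a read whose 8-byte words are all identical, the
# kind of sanity test raw hardware output otherwise never gets.
def looks_stuck(hw_words: bytes) -> bool:
    words = [hw_words[i:i + 8] for i in range(0, len(hw_words), 8)]
    return len(set(words)) == 1

# Conditioning step: 32 output bytes derived from the raw hardware words plus
# a secret from the software pool. HMAC-SHA256 replaces the AES-with-random-
# key-and-IV step here. Because the pool key participates, a hostile or stuck
# source cannot drag the output below what the pool alone provides.
def condition(hw_words: bytes, pool_key: bytes, counter: int) -> bytes:
    msg = counter.to_bytes(8, "big") + hw_words
    return hmac.new(pool_key, msg, hashlib.sha256).digest()

# Read nbytes of conditioned output and report how many raw reads failed the
# stuck check, so a caller can log or alarm on a misbehaving source.
def conditioned_read(nbytes: int, pool_key: bytes, fault: bool = False):
    out = bytearray()
    counter = 0
    stuck_reads = 0
    while len(out) < nbytes:
        raw = rdrand_stub(64, fault)
        if looks_stuck(raw):
            stuck_reads += 1
        out += condition(raw, pool_key, counter)
        counter += 1
    return bytes(out[:nbytes]), stuck_reads

if __name__ == "__main__":
    key = os.urandom(32)  # constructed stand-in for a pool-derived secret
    data, stuck = conditioned_read(96, key, fault=True)
    print(len(data), stuck)
```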


Received on Wed Sep 11 2013 - 15:15:04 UTC