| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Oct 2013 16:47:42 +0300 From: Stanimir Varbanov <svarbanov@...sol.com> To: "H. Peter Anvin" <hpa@...or.com> CC: Theodore Ts'o <tytso@....edu>, Rob Herring <rob.herring@...xeda.com>, Pawel Moll <pawel.moll@....com>, Mark Rutland <mark.rutland@....com>, Stephen Warren <swarren@...dotorg.org>, Ian Campbell <ijc+devicetree@...lion.org.uk>, Matt Mackall <mpm@...enic.com>, Herbert Xu <herbert@...dor.hengli.com.au>, linux-kernel@...r.kernel.org, Rob Landley <rob@...dley.net>, devicetree@...r.kernel.org, linux-doc@...r.kernel.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-arm-msm@...r.kernel.org Subject: Re: [PATCH 0/2] Add support for Qualcomm's PRNG Hi Ted, Peter, On 10/09/2013 06:07 PM, H. Peter Anvin wrote: > On 10/09/2013 07:46 AM, Stanimir Varbanov wrote: >> >> No, there is no public documentation for the block. Here is the driver >> documentation which I used as a base [1]. >> >> My guess was that - if it is PRNG (got from hardware description link >> above) than according to wiki [2] it is also known as a deterministic >> random bit generator (DRBG). The recommendation for RNG using DRBG is >> NIST 800-90. >> >> Of course I could be wrong, so I can add a comment that this is just a >> guess and we shouldn't over-reliance on this. >> > > There needs to be an architecturally guaranteed lower bound on the > entropic content for this to be at all useful. However, the hwrandom > interface is currently expecting fully entropic output (which is almost > certainly bogus... consider the PowerPC random number generator[1]) and > so using it for a PRNG output is directly wrong. This is part of why > RDRAND support is implemented directly in rngd so that we can do the > required cryptographic data reduction to produce fully entropic output. I ran the rngtest with following command line: # cat /dev/hw_random | rngtest -c 100000 Copyright (c) 2004 by Henrique de Moraes Holschuh This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. rngtest: starting FIPS tests... rngtest: bits received from input: 2000000032 rngtest: FIPS 140-2 successes: 99925 rngtest: FIPS 140-2 failures: 75 rngtest: FIPS 140-2(2001-10-10) Monobit: 10 rngtest: FIPS 140-2(2001-10-10) Poker: 9 rngtest: FIPS 140-2(2001-10-10) Runs: 20 rngtest: FIPS 140-2(2001-10-10) Long run: 38 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=1.267; avg=53.222; max=2384.186)Mibits/s rngtest: FIPS tests speed: (min=3.016; avg=48.847; max=49.931)Mibits/s rngtest: Program run time: 75191914 microseconds Could you guys comment those results? regards, Stan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists