Date:	Fri, 11 Oct 2013 20:38:51 +0200
From:	Stephan Mueller <smueller@...onox.de>
To:	Theodore Ts'o <tytso@....edu>,
	sandy harris <sandyinchina@...il.com>,
	linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org
Subject: [PATCH] CPU Jitter RNG: inclusion into kernel crypto API and /dev/random

Hi,

the CPU Jitter RNG [1] is a true random number generator that is 
intended to work in user and kernel space equally well on a large number 
of different CPUs. The heart of the RNG is about 30 lines of code. The 
current implementation allows seamless hooking into the kernel crypto 
API as well as the Linux /dev/random driver. With its inherent non-
blocking behavior, it could solve the problem of a blocking /dev/random.

Over the last months, new tests were executed. The list of tests now 
covers all major operating systems and CPU types as well as microkernels 
of NOVA, Fiasco.OC and Pistachio. More than 200 different systems are 
tested. And for those, the tests show that the Jitter RNG produces high-
quality output. See [2] appendix F for details.

When talking with developers from different chip manufacturers, I was 
told that even they see the execution timing jitter in their tests and 
cannot eliminate the timing jitter. Nor are they able to explain to 100% 
certainty the root cause of the jitter. Therefore, the noise source 
looks appropriate for general use.

I am asking whether this RNG would be good as an inclusion into the Linux 
kernel for:

- kernel crypto API to provide a true random number generator as part of 
this API (see [2] appendix B for a description)

- inclusion into /dev/random as an entropy provider of last resort when 
the entropy estimator falls low.

Patches for both are provided in the source code tarball at [1].

A full description of the RNG together with all testing is provided at 
[2] or [3].

I will present the RNG at the Linux Symposium in Ottawa this year. There 
I can give a detailed description of the design and testing.

[1] http://www.chronox.de

[2] http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html

[3] http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.pdf

Ciao
Stephan