| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <dleftjtv0i88ji.fsf%l.stelmach@samsung.com>
Date: Fri, 15 May 2020 00:18:41 +0200
From: Lukasz Stelmach <l.stelmach@...sung.com>
To: Stephan Mueller <smueller@...onox.de>
Cc: Matt Mackall <mpm@...enic.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Ray Jui <rjui@...adcom.com>,
Scott Branden <sbranden@...adcom.com>,
bcm-kernel-feedback-list@...adcom.com,
Kukjin Kim <kgene@...nel.org>,
Krzysztof Kozlowski <krzk@...nel.org>,
Florian Fainelli <f.fainelli@...il.com>,
Markus Elfring <elfring@...rs.sourceforge.net>,
Matthias Brugger <mbrugger@...e.com>,
Stefan Wahren <wahrenst@....net>, linux-crypto@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-samsung-soc@...r.kernel.org,
Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>
Subject: Re: [PATCH 1/2] hwrng: iproc-rng200 - Set the quality value
It was <2020-05-14 czw 22:20>, when Stephan Mueller wrote:
> Am Donnerstag, 14. Mai 2020, 21:07:33 CEST schrieb Łukasz Stelmach:
>
> Hi Łukasz,
>
>> The value has been estimaded by obtainig 1024 chunks of data 128 bytes
>> (1024 bits) each from the generator and finding chunk with minimal
>> entropy using the ent(1) tool. The value was 6.327820 bits of entropy
>> in each 8 bits of data.
>
> I am not sure we should use the ent tool to define the entropy
> level. Ent seems to use a very coarse entropy estimation.
>
> I would feel more comfortable when using other measures like SP800-90B
> which even provides a tool for the analysis.
>
> I understand that entropy estimates, well, are estimates. But the ent
> data is commonly not very conservative.
>
> [1] https://github.com/usnistgov/SP800-90B_EntropyAssessment
Thank you for pointing this out.
I am running tests using SP800-90B tools and the first issue I can see
is the warning that samples contain less than 1e6 bytes of data. I know
little about maths behind random number generators, but I have noticed
that the bigger chunk of data from an RNG I feed into either ent or ea_iid
the higher entropy they report. That is why I divided the data into 1024
bit chunks in the first place. To get worse results. With ea_iid they
get even worse (128 bytes of random data)
Calculating baseline statistics...
H_original: 4.107376
H_bitstring: 0.795122
min(H_original, 8 X H_bitstring): 4.107376
but I don't know how much I can trust it, when I get such warning
*** Warning: data contains less than 1000000 samples ***
ea_non_iid refuses to run tests with less than 4096 bytes of input.
I may suspect that lack of any warnings from ent doesn't make its
results any more reliable.
Anyway. I collected 1024 files 1024 bits each once again and ran the
following tests
for f in exynos-trng/random*; do ./ea_iid "$f" | grep ^min; done | sort | head -1
for f in rng200/random*; do ./ea_iid "$f" | grep ^min; done | sort | head -1
For both RNGs I got the same
min(H_original, 8 X H_bitstring): 3.393082
which, if I understand correctly, means I should set quality to no more
than 434. Do you think 400 is OK?
Kind regards,
--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Download attachment "signature.asc" of type "application/pgp-signature" (488 bytes)
Powered by blists - more mailing lists