Subject: Re: Hardware RNG support for EM64T systems
To: None <tls@rek.tjls.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: port-amd64
Date: 02/19/2006 11:41:44
In message <20060219155115.GA29962@panix.com>, Thor Lancelot Simon writes:

>
>A major problem with our /dev/random implementation is that it obscures
>the actual input data while doing no testing at all to ensure that it is
>actually random.  It is a very bad idea to leave known-questionable
>sources -- particularly ones with high data rates -- connected to it!

Some random number generators have a self-test mode that verifies that 
the device is working to at least some extent.  Does this one?

That said, the page you cite indicates that Linux (and possibly 
FreeBSD) run a FIPS randomness test on what they find.  That's a very 
good idea in any event.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
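
The kind of FIPS randomness test mentioned above, sketched as an added example (not code from this thread, NetBSD, Linux or FreeBSD). It assumes the FIPS 140-2 thresholds for a 20,000-bit block, since the message does not say which FIPS revision is meant, and it implements only the monobit, poker and long-run tests; `fips_check` and the `FAIL_*` names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: three of the FIPS 140-2 statistical RNG tests, applied
 * to one 20,000-bit (2500-byte) block. Thresholds assumed from FIPS 140-2. */
#define BLOCK_BYTES  2500
#define FAIL_MONOBIT 1u
#define FAIL_POKER   2u
#define FAIL_LONGRUN 4u

/* Returns 0 if the block passes, else a bitmask of the FAIL_* flags. */
unsigned fips_check(const uint8_t *buf)
{
    unsigned long ones = 0, nib[16] = {0}, sumsq = 0;
    unsigned run = 0, longest = 0, fail = 0;
    int prev = -1;

    for (size_t i = 0; i < BLOCK_BYTES; i++) {
        nib[buf[i] >> 4]++;              /* poker: count 4-bit symbols */
        nib[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {   /* walk the bits, MSB first */
            int bit = (buf[i] >> b) & 1;
            ones += (unsigned)bit;
            run = (bit == prev) ? run + 1 : 1;
            if (run > longest) longest = run;
            prev = bit;
        }
    }
    for (int v = 0; v < 16; v++) sumsq += nib[v] * nib[v];

    /* Monobit: 9725 < ones < 10275 */
    if (ones <= 9725 || ones >= 10275) fail |= FAIL_MONOBIT;
    /* Poker: 2.16 < (16/5000)*sumsq - 5000 < 46.17, scaled to integers */
    if (16 * sumsq <= 25010800UL || 16 * sumsq >= 25230850UL) fail |= FAIL_POKER;
    /* Long run: any run of 26 or more identical bits fails */
    if (longest >= 26) fail |= FAIL_LONGRUN;
    return fail;
}

int main(void)
{
    static uint8_t stuck[BLOCK_BYTES], toggling[BLOCK_BYTES]; /* constructed inputs */
    memset(stuck, 0x00, sizeof stuck);       /* device stuck at zero */
    memset(toggling, 0xAA, sizeof toggling); /* balanced bits, no entropy */
    printf("stuck=%u toggling=%u\n", fips_check(stuck), fips_check(toggling));
    return 0;
}
```

A zero return only means no gross failure was detected in that block; it does not show that the data is random.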