Subject: Re: Guidelines for hardware RNG drivers in NetBSD
To: None <,>
From: Travis H. <>
List: tech-kern
Date: 12/05/2006 17:36:59

On Wed, Dec 06, 2006 at 07:47:33AM +1100, Daniel Carosone wrote:
> Testing and analysis of the raw data should go direct for
> pretty pictures, feeding consumers should go via mixing (possibly
> together with other sources) in the rnd pool.

It's a pity that there's no easy way to do continual quality
checks on the output without copying it out to userland and
back in to the pool.  I suppose we could, theoretically, but
it'd be much slower, and would expose the rnd inputs more
than what is desirable.  Are there any ideas on how one could
allow a parallel or serial quality check in a relatively
secure way?  I suppose you could make it a kernel config
option; that way it's unlikely that an intruder could enable
it without detection, but at least it would be there if you
really know what you're doing...

"Cryptography is nothing more than a mathematical framework for
discussing various paranoid delusions." -- Don Alvarez
<URL:> -><-
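
One shape an in-line check could take, as an added example that is not part of the original message and not NetBSD code: a streaming checker that looks at raw samples in place and keeps only failure counters, so nothing is copied out to userland. It uses the repetition count and adaptive proportion tests from NIST SP 800-90B, which the thread does not name; every identifier and cutoff value below is hypothetical or constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is not NetBSD rnd(4) code. */
struct rng_health {
    uint8_t  last, ref;          /* RCT previous sample; APT reference sample */
    unsigned run, seen, hits;    /* RCT run length; APT window position and matches */
    unsigned rct_cutoff, apt_window, apt_cutoff;  /* thresholds set by the caller */
    unsigned long rct_fail, apt_fail;             /* the only state meant to be exported */
};

void health_init(struct rng_health *h, unsigned rct, unsigned win, unsigned apt)
{
    memset(h, 0, sizeof(*h));
    h->rct_cutoff = rct; h->apt_window = win; h->apt_cutoff = apt;
}

/* Inspect raw samples in place on their way to the pool; returns new failures. */
unsigned health_feed(struct rng_health *h, const uint8_t *buf, size_t len)
{
    unsigned fails = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t s = buf[i];
        /* Repetition count test: flag a run of identical samples once it hits the cutoff. */
        if (h->run > 0 && s == h->last) {
            if (h->run < h->rct_cutoff && ++h->run == h->rct_cutoff) { h->rct_fail++; fails++; }
        } else {
            h->last = s; h->run = 1;
        }
        /* Adaptive proportion test: count matches of the window's first sample. */
        if (h->seen == 0) {
            h->ref = s; h->hits = 1; h->seen = 1;
        } else {
            if (s == h->ref && ++h->hits == h->apt_cutoff) { h->apt_fail++; fails++; }
            if (++h->seen == h->apt_window) h->seen = 0;
        }
    }
    return fails;
}

int main(void)
{
    struct rng_health h;
    uint8_t stuck[64];                 /* constructed input: a source stuck at 0xAA */
    memset(stuck, 0xAA, sizeof(stuck));
    health_init(&h, 4, 512, 13);       /* constructed cutoffs, not tuned for real hardware */
    health_feed(&h, stuck, sizeof(stuck));
    printf("rct_fail=%lu apt_fail=%lu\n", h.rct_fail, h.apt_fail);
    return 0;
}
```

These tests catch gross failures such as a stuck or heavily biased source; they are not a substitute for offline statistical analysis of the raw data.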