Re: rate to source random bits via rnd_add_data()

To: Frank Zerangue <frank.zerangue%gmail.com@localhost>
Subject: Re: rate to source random bits via rnd_add_data()
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Mon, 4 Feb 2013 22:07:44 -0500

On Mon, Feb 04, 2013 at 07:21:24PM -0600, Frank Zerangue wrote:
> NetBSD-6.0.1
> 
> Given a hardware random number generator, how does one know at what rate
> to source random bits to the entropy pool via rnd_add_data()?

It depends how the generator works.  Sometimes you can actually find an
estimate of the true entropy per output bit in the design documentation
or datasheet.  In those cases, generally I set the RNG's tunable
parameters (if it has any) as conservatively as possible and feed in data
at the resulting rate.  The Hifn driver is an (old, crummy, limited by
hardware bugs) example of this.

Other times you can't get at the raw RNG anyway, typically because
someone has jammed X9.31 or some other cryptographic stream generator
in the middle.  And maybe you don't have documentation of what the
true underlying entropy per output bit is believed to be.

A reasonable thing to do in that case is to use the "rnd_full" symbol
exported by the rndpool code to throttle your RNG service routine.  If
you want to be fancy and self-tune, you can adjust your polling rate
according to how often you hit rnd_full.  Otherwise, you can just poll
at a moderate rate and return early if rnd_full is true.

The pool opportunistically rekeys existing generators if the pool
fills up, so, entropy put into a nearly full pool is not really
wasted, at least not on a busy system.

Thor

References:
- rate to source random bits via rnd_add_data()
  - From: Frank Zerangue

Prev by Date: Re: kcpuset(9) questions
Next by Date: Re: Post-mortem debugging tools
Previous by Thread: Re: rate to source random bits via rnd_add_data()
Next by Thread: ioctl for i2c devices
Indexes:

Home | Main Index | Thread Index | Old Index