tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: rate to source random bits via rnd_add_data()

On Mon, Feb 04, 2013 at 07:21:24PM -0600, Frank Zerangue wrote:
> NetBSD-6.0.1
> Given a hardware random number generator, how does one know at what rate
> to source random bits to the entropy pool via rnd_add_data()?

It depends how the generator works.  Sometimes you can actually find an
estimate of the true entropy per output bit in the design documentation
or datasheet.  In those cases, generally I set the RNG's tunable
parameters (if it has any) as conservatively as possible and feed in data
at the resulting rate.  The Hifn driver is an (old, crummy, limited by
hardware bugs) example of this.

Other times you can't get at the raw RNG anyway, typically because
someone has jammed X9.31 or some other cryptographic stream generator
in the middle.  And maybe you don't have documentation of what the
true underlying entropy per output bit is believed to be.

A reasonable thing to do in that case is to use the "rnd_full" symbol
exported by the rndpool code to throttle your RNG service routine.  If
you want to be fancy and self-tune, you can adjust your polling rate
according to how often you hit rnd_full.  Otherwise, you can just poll
at a moderate rate and return early if rnd_full is true.

The pool opportunistically rekeys existing generators if the pool
fills up, so, entropy put into a nearly full pool is not really
wasted, at least not on a busy system.


Home | Main Index | Thread Index | Old Index