On Sun, 4 Apr 2021, Greg A. Woods wrote:
At Sun, 4 Apr 2021 09:49:58 +0000, Taylor R Campbell <riastradh%NetBSD.org@localhost> wrote:Your change _creates_ the lie that every bit of data entered this way is drawn from a source with independent uniform distribution.No, my change _allows_ the administrator to decide which devices can be used as estimating/counting entropy sources. For example I know that many of the devices on almost all of my machines (virtual or otherwise) are equally good sources of entropy for their uses.
I think running the /dev/random bit-stream through some statistical tests, (both on RDRAND/RDSEED-based and estimator-based as in your patch) would be useful here. Binary packages already have the dieharder RNG tester. Then, there is John Walker's ent for PRNGs: https://fourmilab.ch/random/ NIST has some too, I believe (I can't locate them right now). -RVP PS. Is there a way to get the bit-stream from the various in-kernel sources so that we can run them through these sort of tests? That way we can check--not intuit--how random the bit-streams they produce really are.