Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: regarding the changes to kernel entropy gathering

On Sun, 4 Apr 2021, Taylor R Campbell wrote:

No, because the output of /dev/random and /dev/urandom is the output
of a pseudorandom number generator that meets modern standards of

If anyone had _ever_ published statistical tests that the PRNG failed
in a detectable way, then (a) this would be an earthshattering
development in the cryptography literature, which would be hotly
discussed in much more significant forums than NetBSD mailing lists,
and (b) we would stop using this PRNG and switch to another one.

Right. Well, it's been quite a few years since I ran this sort of test
on /dev/*random, and things, obviously, have been fixed. (Back in the
early 2000s, the tests I mentioned turned up their noses at /dev/random
data from the Linux kernel.)

Then, the issue here is one of predictability. NetBSD doesn't want, for
extremely valid reason, to incorporate any perturbation sources which
have been pooh-poohed in the technical literature. But, its /dev/random
is good enough that no statistical tests of randomness will fail it.

Hmm. I have to say, that now I find myself not disagreeing with Greg's
point of view: Maybe NetBSD's default is too strict and a knob like
kern.entropy.use_pooh_poohed_sources=1 would not be a bad thing for
some users--with all appropriate sysinst warnings of course.

Or, perhaps statistical tests of the raw in-kernel sources will demonstrate
exactly why things like timing jitter have been pooh-poohed in the


PS: As an aside, I'm perfectly OK with the choices currently made in 9.99:
``if there's any doubt, leave it out''

Home | Main Index | Thread Index | Old Index