[cryptography] Quality of HAVEGE algorithm for entropy?

Stephan Mueller smueller at chronox.de
Wed Nov 27 06:03:41 EST 2013


On Tuesday, 26 November 2013, 10:56:30, Sandy Harris wrote:

Hi,

> On Mon, Nov 25, 2013 at 6:46 PM, coderman <coderman at gmail.com> wrote:
> > On Sun, Nov 24, 2013 at 2:04 PM, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
> >> ...
> >> i found such a very nice piece of software that's said to provide added
> >> entropy using HAVEGE algorithm:
> >> http://www.issihosts.com/haveged/
> >> http://www.irisa.fr/caps/projects/hipsor/
> >> 
> >> Any opinion on the usefulness of that kind of tool as an additional
> >> entropy source for crypto operations on a Linux system?
> > 
> > do it yesterday!  i have been using this (haveged) for many years, in
> > addition to physical entropy sources, and it is very much a useful
> > addition to host entropy sources.
> 
> Yes.
> 
> See here for another one, possibly more suitable on very limited
> systems like phones or routers, and a PDF that discusses several
> others including Havege.
> ftp://ftp.cs.sjtu.edu.cn:990/sandy/maxwell/

The only challenge that I see with Havege is that the algorithm is quite 
complex and that the description does not fully explain why and where the 
entropy comes from. Looking into the source code of oneiteration.h, the code 
is also not fully clear.

Considering the grilling I get with a similar RNG that I ask to be used as a 
seed source for /dev/random or other crypto libs (see thread 
http://lkml.org/lkml/2013/10/11/582), I would have concerns about the
algorithm.

Ciao
Stephan
-- 
| Cui bono? |

