[cryptography] Quality of HAVEGE algorithm for entropy?

Joachim Strömbergson Joachim at Strombergson.com
Thu Nov 28 04:19:08 EST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aloha!

Stephan Mueller wrote:
> I would not concur with this statment: at runtime, you cannot verify
>  entropy beyond simple pattern checks. Moreover, compression (i.e. 
> whitening) is not meaningful when mixing it into /dev/random as it
> has its own whitening function.

What I have argumented for is to have sanity checks on the sources to at
least capture pathological cases. Things like stuck at zero/one. Then
one could add simpler tests to detect major bias and values spanning
much less than the value space.

Then the RNG chain could contain estimators such as in the Linux chain.
Or one could design them away like in the Fortuna RNG by Schneier.

We had a case where the MCU integrated radio receiver RSSI signal was
used as entropy source. The radio wasn't used for communication, which
is why it wasn't detected that the radio was in fact broken and the RSSI
always returned the same value. Not good. ;-)

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlKXCowACgkQZoPr8HT30QFTgQCggFyYEFNLRQsALHfUbbDvdzCM
VsgAnjeRcyicNY4IDmc/BuMjI4m4LasI
=mj52
-----END PGP SIGNATURE-----


More information about the cryptography mailing list