[cryptography] Quality of HAVEGE algorithm for entropy?

Stephan Mueller smueller at chronox.de
Fri Nov 29 05:39:21 EST 2013

On Friday, 29 November 2013, 11:31:49, Joachim Strömbergson wrote:

Hi Joachim,

> Aloha!
> Stephan Mueller wrote:
> > The problem is that dieharder & Co only show the statistical quality.
> > Based on my real-world attempts to the CPU jitter issue used as a
> > noise source for /dev/random, the questions around the entropy of the
> > data still remain -- see the email thread on LKML.
>
> (I feel I need to read up on the LKML discussion).
>
> Yes, but when having access to an entropy source - what other ways
> besides statistical tools such as Dieharder do we have to measure the
> quality of the entropy?

Provide a rationale why:

- your observed noise source is really random

- explain the uncertainty in the noise source

> The problem as I have understood it is that we don't have direct access
> to the entropy source in Bull Mountain. And that we have to trust Intel
> on telling us the truth, that there actually is a nice entropy source,
> not simply a CSPRNG with a seed known by certain organizations. The lack
> of openness, transparency and control of the entropy source is what is
> missing.

You are right. But when introducing a noise source that is not commonly 
understood, you have to do some explaining.

> Or am I missing something?
> > That is why my current patch set only uses the jitter noise source as
> > last resort, i.e. when /dev/random is about to block. As long as the
> > other noise sources produce entropy, my jitter noise source is not
> > even asked.
> > 
> > With that approach, however, /dev/random will never block any more on
> > any system.
> That is actually pretty neat.
> What bitrate do you get from your RNG?

On an Intel 2nd gen i7 I get about 15kBytes/s. On an embedded MIPS (my 
Internet router), I still get 1kB/s.

> BTW: Just downloaded your PDF and OMG it is really big. I think I have
> my weekend reading identified. ;-)

Do not be scared. About 75% is only numbers and graphs of the 200+ 
systems I tested in appendix F. The rest is pretty small. :-)

> BTW2: You should probably reference jytter in your paper, it would be
> very interesting to see the comparison between them.

I will first have to make myself familiar with this one.

| Cui bono? |
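
The point discussed in this thread, that statistical tools show only statistical quality and cannot tell a real noise source from a CSPRNG whose seed someone else knows, illustrated as an added example (not part of the original post; the generator, seed and sample size are constructed for illustration):

```python
import hashlib
import math
from collections import Counter

def seeded_stream(seed: bytes, nbytes: int) -> bytes:
    """Deterministic generator: SHA-256(seed || counter), a constructed
    stand-in for 'a CSPRNG with a seed known by' a third party."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def shannon_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon estimate from byte frequencies (max 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square_bytes(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution.
    For uniform data it is expected near 255 (255 degrees of freedom)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected
               for v in range(256))

def observer_predicts(seed_guess: bytes, observed: bytes) -> bool:
    """True if an observer holding seed_guess reproduces every byte,
    i.e. the stream carries no entropy at all from their viewpoint."""
    return seeded_stream(seed_guess, len(observed)) == observed

def evaluate(seed: bytes, nbytes: int = 1 << 16) -> dict:
    sample = seeded_stream(seed, nbytes)
    return {
        "shannon_bits_per_byte": shannon_bits_per_byte(sample),
        "chi_square": chi_square_bytes(sample),
        "predictable_with_seed": observer_predicts(seed, sample),
    }

if __name__ == "__main__":
    # Constructed seed: the statistics look ideal, yet the output is
    # fully predictable to anyone who holds the seed.
    for key, value in evaluate(b"constructed-known-seed").items():
        print(f"{key}: {value}")
```

The statistics describe only the output distribution; the entropy claim has to come from a rationale about the noise source itself, which is what the reply above asks for.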