[cryptography] Quality of HAVEGE algorithm for entropy?
smueller at chronox.de
Fri Nov 29 05:39:21 EST 2013
On Friday, 29 November 2013, 11:31:49, Joachim Strömbergson wrote:
> Stephan Mueller wrote:
> > The problem is that dieharder & Co only show the statistical quality.
> > Based on my real-world attempts to the CPU jitter issue used as a
> > noise source for /dev/random, the questions around the entropy of the
> > data still remain -- see the email thread on LKML.
> (I feel I need to read up on the LKML discussion).
> Yes, but when having access to an entropy source - what other ways
> besides statistical tools such as Dieharder do we have to measure the
> quality of the entropy?
Provide a rationale why:
- your observed noise source is really random
- explain the uncertainty in the noise source
> The problem as I have understood it is that we don't have direct access
> to the entropy source in Bull Mountain. And that we have to trust Intel
> on telling us the truth, that there actually is a nice entropy source,
> not simply a CSPRNG with a seed known by certain organizations. The lack
> of openness, transparency and control of the entropy source is what is
You are right. But when introducing a noise source that is not commonly
understood, you have to do some explaining.
> Or am I missing something?
> > That is why my current patch set only uses the jitter noise source as
> > last resort, i.e. when /dev/random is about to block. As long as the
> > other noise sources produce entropy, my jitter noise source is not
> > even asked.
> > With that approach, however, /dev/random will never block any more on
> > any system.
> That is actually pretty neat.
> What bitrate do you get from your RNG?
On an Intel 2nd gen i7 I get about 15kBytes/s. On an embedded MIPS (my
Internet router), I still get 1kB/s.
> BTW: Just downloaded your PDF and OMG it is really big. I think I have
> my weekend reading identified. ;-)
Do not be scared. About 75% is only in numbers and graphs of the 200+
systems I tested in appendix F. The rest is pretty small. :-)
> BTW2: You should probably reference jytter in your paper, it would be
> very interesting to see the comparison between them.
I will first have to make myself familiar with this one.
| Cui bono? |
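
Added example, not part of the original message: the point made in the thread, that statistical tests show only statistical quality and say nothing about entropy, demonstrated on a fully deterministic stream. The seed, the SHA-256 counter construction and all function names are constructed for this illustration and do not come from any of the RNGs discussed.

```python
import hashlib
import math
from collections import Counter


def known_seed_stream(seed: bytes, nbytes: int) -> bytes:
    """Deterministic generator: SHA-256 in counter mode over a fixed seed.
    Anyone who knows the seed can regenerate every byte, so the stream
    carries no entropy from that party's point of view."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_fraction(data: bytes) -> float:
    """Fraction of 1 bits; close to 0.5 for statistically good output."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic of byte frequencies against a uniform
    distribution (255 degrees of freedom, so values near 255 look fine)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def shannon_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon estimate from byte frequencies. It measures the
    histogram only, not how hard the data is to predict."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def report(seed: bytes = b"constructed-known-seed", nbytes: int = 1 << 16) -> dict:
    data = known_seed_stream(seed, nbytes)
    return {
        "monobit": monobit_fraction(data),
        "chi2": byte_chi_square(data),
        "shannon": shannon_bits_per_byte(data),
        # The decisive property no statistical test can see:
        "reproducible": data == known_seed_stream(seed, nbytes),
    }


if __name__ == "__main__":
    print(report())
```

The stream looks uniform under all three measurements yet is regenerated bit for bit from the seed, which is why a rationale for the noise source itself is needed in addition to test results.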