[cryptography] Quality of HAVEGE algorithm for entropy?

Stephan Mueller smueller at chronox.de
Fri Nov 29 11:57:04 EST 2013


Am Freitag, 29. November 2013, 16:06:07 schrieb stef:

Hi stef,

> On Fri, Nov 29, 2013 at 11:22:29AM +0100, Joachim Strömbergson wrote:
> > What I was trying to say is that Havege running on MCUs (AVR, AVR32,
> > PIC, PIC32, ARM Cortex M0 etc) where instructions in general takes the
> > same number of cycles to execute and where caches are few (few levels),
> > have simple or even no replacement policy (it is done by SW control),
> > the assumptions in Havege is not really present. And that this change in
> > physical setup _should_ affect the variance measured. But again, I
> > haven't tested it yet.
> 
> howdy, i tried out the default haveged code found under:
> http://www.irisa.fr/caps/projects/hipsor/misc.php#measure
> 
> on an arm cortex m3 stm32f2xx and streamed the results over uart and 
plotted
> them here:
> https://www.ctrlc.hu/~stef/stm32f2x-jitter.png
> 
> prefetch, data and instruction cache where enabled.

Unfortunately, such graphs are not too helpful. If you want to test 
something, do either or all of the following:

- gather 100 or more MB of output, run ent, ent -b and dieharder -a on them

- check for the basic fundamental noise source (I am not fully sure what 
that is for havege), and run tests on that presence

Still, after doing that you only checked the statistical side of things. 
Yet, the entropy side is uncovered by this testing (i.e. is there really 
entropy present.
> 
> cheers,s


Ciao
Stephan
-- 
| Cui bono? |


More information about the cryptography mailing list