[ale] random number generators

dev null zero two dev.null.02 at gmail.com
Tue Mar 19 17:43:45 EDT 2019


My understanding is Haveged has security issues and has to be configured in
a special way to produce informational-theoretic entropy.

The Intel parts may have HWRNGs on them. Is the Linux kernel pulling in any
data from existing hwrng like Intel rdseed already? That Linux patch may do
that too if it isn't already a feature of the Linux kernel.


On Tue, Mar 19, 2019 at 5:19 PM Jim Kinney <jim.kinney at gmail.com> wrote:

> This looks promising.
>
> The system(s) are Intel, high core count file servers with 12 encrypted
> partitions and 40G TCP and 40G IB networking. Linked through glusterfs they
> are the storage cluster. I'm seeing haveged getting _used_ where it's not
> been used before.
>
> On Tue, 2019-03-19 at 16:54 -0400, dev null zero two via Ale wrote:
>
> IIRC, the link I sent is for a Linux RNG patch that uses a FIPS approved
> DRBG. If properly seeded, this can supply a ton of secure random numbers
> without draining the entropy pool so much.
>
> On Tue, Mar 19, 2019 at 4:52 PM Alex Carver via Ale <ale at ale.org> wrote:
>
> On 2019-03-19 13:31, Jim Kinney via Ale wrote:
> > When the entropy pool gets low and all 200TB are encrypted, writes can
> > slow down.
> >
> > Looking at hardware RNG devices. Found one that looks really cool,
> > open, all the right buttons http://onerng.info/
> >
> > Anybody used something like this?
>
> I've seen mention more than once of using a Geiger counter with its
> output tied to a serial port to generate random bits with a small
> software shim to push them into entropy.  The advantage is that
> radioactive decay is random and this kind of setup can't be influenced
> from a distance.
>
>
> Diode noise is not fully random, it has a specific energy distribution
> so there will be bias in the results (in which case you're depending on
> these guys to have smoothed/whitened the noise properly).  RF noise is
> also not random when the receiver is stationary.  The RF landscape
> doesn't change too much and also has inherent bias (cell towers, wifi
> APs, lots of other transmitters that don't move and sit on the same
> frequency).  The RF generator would depend on the features that do
> change which are fewer and slower.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
> --
>
> James P. Kinney III Every time you stop a school, you will have to build a
> jail. What you gain at one end you lose at the other. It's like feeding a
> dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark
> Twain http://heretothereideas.blogspot.com/
>
> --
Sent from my mobile. Please excuse the brevity, spelling, and punctuation.
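
Added example (not part of the original thread or any poster's code): a POSIX shell check for the question raised above, reporting whether the CPU advertises rdrand/rdseed, which hw_random device is selected, and the current entropy estimate. The `root` argument is a hypothetical parameter for pointing the checks at a constructed tree; the paths are the standard Linux procfs/sysfs locations.

```shell
#!/bin/sh
# Added example, not from the thread. Reports the entropy sources a Linux
# host exposes. ROOT (assumed parameter) prefixes every path so the same
# checks can run against a constructed tree; empty means the live system.

# first_line FILE FALLBACK: first line of FILE, or FALLBACK if missing/empty.
first_line() {
    v=$(head -n 1 "$1" 2>/dev/null) || v=
    printf '%s\n' "${v:-$2}"
}

# has_cpu_flag ROOT FLAG: succeeds if FLAG is an exact token on the first
# "flags" line of cpuinfo (x86 layout).
has_cpu_flag() {
    grep -m1 '^flags' "$1/proc/cpuinfo" 2>/dev/null |
        tr ' \t' '\n\n' | grep -qx "$2"
}

# hwrng_bound ROOT: succeeds if the hw_random framework has a device selected.
hwrng_bound() {
    [ "$(first_line "$1/sys/class/misc/hw_random/rng_current" none)" != none ]
}

rng_report() {
    root=${1:-}
    for flag in rdrand rdseed; do
        if has_cpu_flag "$root" "$flag"; then state=yes; else state=no; fi
        echo "cpu_$flag=$state"
    done
    hw=$root/sys/class/misc/hw_random
    echo "hwrng_available=$(first_line "$hw/rng_available" none)"
    echo "hwrng_current=$(first_line "$hw/rng_current" none)"
    echo "entropy_avail=$(first_line "$root/proc/sys/kernel/random/entropy_avail" unknown)"
    if hwrng_bound "$root"; then echo "verdict=hwrng-bound"
    else echo "verdict=no-hwrng-bound"; fi
}

rng_report "${1:-}"
```

The CPU flags only show that the instructions exist; `hwrng_current` shows what the hw_random framework has selected, which is a separate path.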