[PATCH][RFC] CPU Jitter random number generator

Stephan Mueller smueller at chronox.de
Wed May 15 10:05:24 CEST 2013


On Wed, 15 May 2013 09:08:30 +0300
Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:

Hi Jussi,

> On 13.05.2013 19:58, Stephan Mueller wrote:
> > Hi,
> > 
> > [1] patch at
> > http://www.chronox.de/jent/jitterentropy-20130508.tar.bz2
> > 
> > An implementation of a CPU Jitter random number generator is
> > released at http://www.chronox.de/ . The heart of the RNG is about
> > 30 lines of easy to read code. The readme in the main directory
> > explains the different code files.
> > 
> > The documentation of the CPU Jitter random number generator
> > (http://www.chronox.de/jent/doc/index.html and PDF at
> > http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.pdf -- the graphs
> > and pictures are better in PDF) offers a full analysis of:
> > 
> > - the root cause of entropy
> > 
> > - a design of the RNG
> > 
> > - statistical tests and analyses
> > 
> > - entropy assessment and explanation of the flow of entropy
> 
> Just want to say that this reminds me of 'haveged' entropy daemon,
> that uses 'internal volatile hardware states as source of
> uncertainty'.. http://www.issihosts.com/haveged/

Have you looked into the code of haveged? It is a very large body of
code which is also very complicated. Even with the design I did not
really understand the code. In particular, look at oneiteration.h.

The approach I have tries to cover the heart in about 30 lines of code
which is very simple.

Moreover, haveged is intended to seed /dev/random. So you again have a
central source of entropy. In contrast, the suggested method shall
allow for multiple, independent, decentralized entropy gatherers. In
essence, every requestor in need of entropy can instantiate its own
copy of the entropy collector.

Thanks
Stephan
> 
> -Jussi
> 
> > 
> > The document also explains the core concept to have a fully
> > decentralized entropy collector for every caller in need of entropy.
> > 
> > The appendix of the documentation contains example use cases by
> > providing link code to the Linux kernel crypto API, libgcrypt and
> > OpenSSL. These implementations follow the concept of
> > decentralized entropy collection.
> > 
> > The man page provided with the source code explains the use of the
> > API of the CPU Jitter random number generator.
> > 
> > The test cases used to compile the documentation are available at
> > the web site as well.
> > 
> > Ciao
> > Stephan
> > 
> > Signed-off-by: Stephan Mueller <smueller at chronox.de>
> > 
> > 
> 
> 



-- 
| Cui bono? |


