| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:cc:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=nnDeOSTrn+OsOWbAUMNKOqkqDi0ue9nVpjigrHroL/xqLgXW+Ib3/ | |
| p2XT3SopYGXMJc4zWEco5PE4/PUj1s08qIKI08BmhlI5VQDy1G/XoghttXVs9BcI | |
| 5MfA/9QmKKb7YGX0GvcKlREwh3wGaImPE+ROtOTs/Q8mlqAf1fRtw8= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:cc:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=EtulzR7zUznTrlBVEUawqNOaQ44=; b=DE6PRZUCYKFAquGI47+qyeV6KdJ4 | |
| 1LAn6urr7N9K0DnE0YpJ7M9z1Vpwq6/hJy+QkGVRIVjZ+sQl8Ko0+LCppGnkaexI | |
| SovL3Vci+7CXWyFHLTvXFV4tcRQoD9auNtpWEKV/fNNRVIitKXpEL6AzzFK2PdYR | |
| BJsb3runwj8pH7M= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=0.0 required=5.0 tests=AWL,BAYES_00,POKER_BODY autolearn=no version=3.3.2 |
| X-HELO: | calimero.vinschen.de |
| Date: | Tue, 15 Oct 2013 16:00:52 +0200 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Cc: | starlight DOT 2013z3 AT binnacle DOT cx |
| Subject: | Re: /dev/random does not block, emits poor entropy |
| Message-ID: | <20131015140052.GE19383@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com, starlight DOT 2013z3 AT binnacle DOT cx |
| References: | <6 DOT 2 DOT 5 DOT 6 DOT 2 DOT 20130919015353 DOT 03a25398 AT binnacle DOT cx> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <6.2.5.6.2.20130919015353.03a25398@binnacle.cx> |
| User-Agent: | Mutt/1.5.21 (2010-09-15) |
--19uQFt6ulqmgNgg1
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sep 19 01:55, starlight DOT 2013z3 AT binnacle DOT cx wrote:
> For contrast, here is a 'rngtest' run against a
> 3.1.8 Linux kernel with /dev/random enhanced by
> the output of a STMicroelectronics ST33 TPM PRNG
> (via 'rngd' v4).
>=20
> bits received from input: 62380032
> FIPS 140-2 successes: 3115
> FIPS 140-2 failures: 4
> FIPS 140-2(2001-10-10) Monobit: 0
> FIPS 140-2(2001-10-10) Poker: 0
> FIPS 140-2(2001-10-10) Runs: 3
> FIPS 140-2(2001-10-10) Long run: 1
> FIPS 140-2(2001-10-10) Continuous run: 0
> input channel speed: (min=3D21.119; avg=3D42.165; max=3D136.844)Kibits/s
> FIPS tests speed: (min=3D41.374; avg=3D104.495; max=3D107.154)Mibits/s
> Program run time: 1445.324494 seconds
>=20
> That's three bit runs and one long bit run
> in close to 8MB of random data.
Ok, let's compare that with the results of Cygwin's /dev/random as you
posted in your previous mail:
rngtest: bits received from input: 3088523264
rngtest: FIPS 140-2 successes: 154295
rngtest: FIPS 140-2 failures: 131
The # of bits received from input is about 49.5 times higher than what
you got from Linux' /dev/random. So the number of events should be
divided by 49.5 for a fair comparison, right? Lazily rounded up
I get:
Linux Cygwin/49.5
bits received from input: 62380032 62394409.4
FIPS 140-2 successes: 3115 3117.1
FIPS 140-2 failures: 4 2.7
The failure rate is better than on Linux. That doesn't look bad to me.
Am I missing something?
Nevertheless I now added code to reseed the OS PRNG after each run of
512 bytes for the /dev/random emulation. This results in even better
numbers for the price of slowing down access to /dev/random, which is
not much of a problem compared to the blocking behaviour of Linux'
/dev/random. The new results with /dev/random are now along the
lines of:
rngtest: bits received from input: 3059180032
rngtest: FIPS 140-2 successes: 152857
rngtest: FIPS 140-2 failures: 102
[...]
which is another ~30% better result. That should be sufficient, IMHO.
Corinna
--=20
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--19uQFt6ulqmgNgg1
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBAgAGBQJSXUqUAAoJEPU2Bp2uRE+gcT0P/Al3yt4GN3g8pm5sChSCBxva
8kpDgPNMnAt4bYWXzbV1LS4zwjMDyxOML5RrzzFXv12efDB4fNH0dOj40r26kkmy
bYGF56JAgI8uv0RMcPRa4UIsbS8X3m7A/jIT0tPsDKGZaCAbtDl//WN1pZGMZqKp
mdkZCoRTMJeRXA2NxK/t752vzStVtBqUj4G+VsS1Q7pBkizBhHmLOwqh0aRPHz1H
qHjV1nkfitkCBVpOsBL3FjwxC6Y3knOyKSJhidHw/laI2OSsPzCkLMel8hhWsUMw
DfFnAELT6VGdfxpKeIEmBl5TS3ObRIY2jI3oKb7AUd0W3kfEN6X9pt8IR4XI8tRw
EGU2YhBTO/HVA6fPsJW7UR5cP0XjkvlJldOHpOYWg9rzyAjTHApRcEuSy9TFT69l
KN1HR1qMJPhMBR7JvJsshPXqq7p9gkYxi8O2sqnMytcF8PuPeLkYOuRXmVpcZD57
EPRefEkEvRULfa5wLbz75PkVIyG3LYHXoZoIcyfpYLLvOK8ajENMlfM3jl13tq1k
oHV6VsAdU1FRBzpaJDDKzJcrI6vzXqR+KmNAxUjrGPrKaw79lplgut5qMVzAT+2S
i44SSTQDTVx9v8Ka0eDGJg/nnktJRfz6dZzGAG5JVQyoq+G1HvHVlMfICgPCzoo8
+RQEyOA9G+wDvpORbUMO
=+XYo
-----END PGP SIGNATURE-----
--19uQFt6ulqmgNgg1--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |