X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:to:from:subject:in-reply-to
	:references:mime-version:content-type; q=dns; s=default; b=iMHay
	ttCFnrQK59e7PTjUhIDfjsL4EcpQmWulH+/vap/uZ4x0TOQaL0mrrg/2tLbRDrGW
	gyYjWkTtzlcK491xAowddxYM+576/P9wL8vYNh5PbWJtoedkYDS4qAca7wt39h4X
	ib3fQ+SjW9BH5YmJNXx4gODRk9EJOz8ZAHtiRE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:to:from:subject:in-reply-to
	:references:mime-version:content-type; s=default; bh=0ccr2iNBF3O
	GX0x/hVlAR0dEzZE=; b=WYwLweBKUwUXirOhg3sfDGrBovs7MgJ0r7HyhGbkaxa
	zvGR5jju1PBxvkTlix298MQRJAcat204Oxbxze6rbTKQZ/jwy7aF7duo+/I8Cwct
	SDFQ2QjzjXkIMyZ2fPtbuSAamr5Z8TkI/D9n2PxVpp/btqacqBSbGbdrpuviylCU
	=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=0.9 required=5.0 tests=AWL,BAYES_50,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mx.binnacle.cx
Message-Id: <6.2.5.6.2.20131015100723.066d3e48@binnacle.cx>
Date: Tue, 15 Oct 2013 10:19:21 -0400
To: cygwin AT cygwin DOT com
From: starlight DOT 2013z3 AT binnacle DOT cx
Subject: Re: /dev/random does not block, emits poor entropy
In-Reply-To: <20131015140052.GE19383@calimero.vinschen.de>
References: <6 DOT 2 DOT 5 DOT 6 DOT 2 DOT 20130919015353 DOT 03a25398 AT binnacle DOT cx> <20131015140052 DOT GE19383 AT calimero DOT vinschen DOT de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: -1 () ALL_TRUSTED
Received-SPF: pass (mx.binnacle.cx: 172.29.87.10 is whitelisted by SPF-milter whitelist entry)

Yes, this is great.  Thank you!

Subsequent to my post I learned more
on the topic.  Is complex and loaded
with controversy.  Many cryptographers
assert that Linux's blocking
implementation creates vulnerability
to various timing attacks and that
/dev/urandom is essentially the same
as /dev/random on a practical level
--is better for not blocking.

But the Linex devs are smart folks
and have yet to be convinced. . .

Hardware RNG marketing is deceiving
when it talks about "true" RNG since
even quantum-effect number generators
have non-random patterns that must
be algorithmically cleansed.
Rather than a "true" RNG or TRNG, one
wants as CSPRNG (cryptographically
secure pseudorandom number generator)
that combines a good source of hardware
entropy and appropriate purifying
algorithms.

People get quite hot about the topic,
and apparently the Dilbert cartoon
applies at all times, regardless:

http://dilbert.com/strips/comic/2001-10-25/

When the Federal government shutdown ends
the pages here will contain good information
(NSA influence over NIST not withstanding):

http://csrc.nist.gov/groups/ST/toolkit/rng/index.html


At 16:00 10/15/2013 +0200, Corinna Vinschen wrote:
>/dev/random.  The new results with /dev/random are
>now along the lines of:
>
>  rngtest: bits received from input: 3059180032
>  rngtest: FIPS 140-2 successes: 152857
>  rngtest: FIPS 140-2 failures: 102
>  [...]
>
>which is another ~30% better result.  That
>should be sufficient, IMHO.
>
>
>Corinna
>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple