[Cryptech Tech] trng ready for play

Joachim Strömbergson joachim at secworks.se
Sun Oct 5 07:12:04 UTC 2014


Aloha!

Randy Bush wrote:
>>> if entropy providers vary much in speed, having a per-provider 
>>> timeout may be wise.
>> True. The provider might even be made to handle the timeout itself.
>> The avalanche entropy provider for example will know the 
>> approximate internal data rate anyway so having it adjusting the 
>> timeout. OTOH this would still push the ability to break out from 
>> livelock away from the collector.
> 
> and that's the rub.  i prefer simha's approach of A watching B (and, 
> where appropriate, vice versa).


What we could do is:

(1) Have fairly sane timeout defaults (we need reset values anyway) in
the mixer and allow SW to change timeouts by writing new reg values.
This is possible today, but we have one single timeout for all entropy
providers.

(2) Have the entropy providers provide an estimate of their current rate
as a readable value to SW. The avalanche noise has this ability today
and it should be possible to do in other entropy providers and wouldn't
be a very hard requirement.

Then it will be possible for SW to do the intelligent control by reading the
current rate in a given entropy provider and adjusting the corresponding
timeout value in the mixer. If nothing is done, the sane defaults are
still used.

I'm planning to start adding security alarms and one of the first is
the ability for the mixer to signal that a timeout has been reached for a
given mixer.


>> We should make a list of features to add somewhere. For me the
>> highest priorities right now are:

I have started to think that we really should start using the issue
tracker we have in the trac-wiki. That would allow more people to see
what we do and also provide comments, ideas etc. And then we can also
provide tracking in the rev logs (Trac supports this automatically).

The functionality above would be typical things to add as feature tickets.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
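
The control scheme proposed in the message above (reset defaults in the mixer, providers exposing a rate estimate, SW adjusting the corresponding timeout, and a timeout alarm), sketched as an added example that is not part of the original message or of the Cryptech code base. It assumes per-provider timeout registers; the struct, function names, constants and the rate unit (bits per second) are all hypothetical.

```c
#include <stdint.h>

#define N_PROVIDERS      2          /* constructed: e.g. avalanche noise plus one other */
#define DEFAULT_TIMEOUT  1000000u   /* constructed reset value, in clock cycles */
#define MIN_TIMEOUT      1000u      /* constructed clamp bounds */
#define MAX_TIMEOUT      50000000u
#define WORD_BITS        32u        /* assumed width of one collected entropy word */
#define MARGIN           4u         /* allow 4x the expected time per word */

/* Hypothetical SW view of the mixer: one timeout and one alarm bit per provider. */
struct mixer {
    uint32_t timeout[N_PROVIDERS];
    uint32_t alarm;                 /* bit i set: provider i reached its timeout */
};

void mixer_reset(struct mixer *m) {
    for (int i = 0; i < N_PROVIDERS; i++) m->timeout[i] = DEFAULT_TIMEOUT;
    m->alarm = 0;
}

/* Derive a timeout from the provider's own rate estimate.
   A rate of 0 means "no estimate": the current value is kept. */
uint32_t timeout_from_rate(uint32_t current, uint32_t rate_bps, uint32_t clk_hz) {
    if (rate_bps == 0) return current;
    uint64_t cycles = (uint64_t)clk_hz * WORD_BITS * MARGIN / rate_bps;
    if (cycles < MIN_TIMEOUT) return MIN_TIMEOUT;
    if (cycles > MAX_TIMEOUT) return MAX_TIMEOUT;
    return (uint32_t)cycles;
}

/* SW control step: read the provider's rate, write the corresponding timeout. */
void mixer_tune(struct mixer *m, int id, uint32_t rate_bps, uint32_t clk_hz) {
    m->timeout[id] = timeout_from_rate(m->timeout[id], rate_bps, clk_hz);
}

/* Mixer side: returns 1 and raises the alarm bit once a provider has been
   waited on longer than its timeout, so the collector can break out. */
int mixer_check(struct mixer *m, int id, uint32_t waited_cycles) {
    if (waited_cycles <= m->timeout[id]) return 0;
    m->alarm |= 1u << id;
    return 1;
}
```

The timeout decision and the alarm stay on the mixer side, so a provider that misreports its rate can at worst move its own timeout within the clamp bounds.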