From: Corentin Labbe <clabbe.montjoie@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, linus.walleij@linaro.org,
linux-kernel@vger.kernel.org
Subject: Re: cortina/gemini: hwrng: what is its quality ?
Date: Thu, 22 Apr 2021 08:52:23 +0200 [thread overview]
Message-ID: <YIEdJ3G/QwA8/BEU@Red> (raw)
In-Reply-To: <20210422001430.GA4246@gondor.apana.org.au>
Le Thu, Apr 22, 2021 at 10:14:30AM +1000, Herbert Xu a écrit :
> On Wed, Apr 21, 2021 at 10:03:17PM +0200, Corentin Labbe wrote:
> > hello
> >
> > I work on the crypto part of the cortina/gemini SL3516 SoC.
> > The datasheet mention a HWRNG in its IP but really briefly:
> > """
> > The implementation is a 32-bit Hardware Random Number Generator that has a uniformed
> > distribution between 0 and 2^32 -1. The hardware randomness is created by sampling data from
> > different clock domains, and feeding it as input to the 32-bit maximum length LFSR (Linear Feedback
> > Shift Register)
> > """
> >
> > Piping its output to rngtest give:
> > dd if=/dev/hwrng count=2000 bs=2048 | rngtest
> > rngtest 6.11
> > rngtest: starting FIPS tests...
> > rngtest: entropy source drained
> > rngtest: bits received from input: 32768000
> > rngtest: FIPS 140-2 successes: 1191
> > rngtest: FIPS 140-2 failures: 447
> > rngtest: FIPS 140-2(2001-10-10) Monobit: 183
> > rngtest: FIPS 140-2(2001-10-10) Poker: 116
> > rngtest: FIPS 140-2(2001-10-10) Runs: 346
> > 2000+0 records in
> > 2000+0 records out
> > rngtest: FIPS 140-2(2001-10-10) Long run: 0
> > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
> > rngtest: input channel speed: (min=303.606; avg=3143.352; max=9712.208)Kibits/s
> > rngtest: FIPS tests speed: (min=7.104; avg=10.332; max=10.638)Mibits/s
> > rngtest: Program run time: 13303224 microseconds
> >
> > That's a quite number of failure.
> > Can the hwrng still be used with some "hwrng->quality" setting ?
> > Or it is just too many failure to be used ?
>
> If in doubt just leave it zero and the admin can override it if
> necessary.
>
But as an admin, what value I can set ?
If I do a rule-of-3, success rate is 73%.
So does a quality of 730 is ok ?
next prev parent reply other threads:[~2021-04-22 6:52 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-21 20:03 cortina/gemini: hwrng: what is its quality ? Corentin Labbe
2021-04-22 0:14 ` Herbert Xu
2021-04-22 6:52 ` Corentin Labbe [this message]
2021-04-22 7:21 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YIEdJ3G/QwA8/BEU@Red \
--to=clabbe.montjoie@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=linus.walleij@linaro.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.