From: Stephan Mueller <smueller@chronox.de>
To: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH][RFC] CPU Jitter random number generator (resent)
Date: Tue, 21 May 2013 08:44:55 +0200
Message-ID: <20130521084455.5c651991@tauon>

Hi,

[1] patch at http://www.chronox.de/jent/jitterentropy-20130516.tar.bz2

A new version of the CPU Jitter random number generator is released at
http://www.chronox.de/ . The heart of the RNG is about 30 lines of easy
to read code. The readme in the main directory explains the different
code files. A changelog can be found on the web site.

In a previous attempt (http://lkml.org/lkml/2013/2/8/476), the first
iteration received comments for the lack of tests, documentation and
entropy assessment. All these concerns have been addressed. The
documentation of the CPU Jitter random number generator
(http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html and PDF at
http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.pdf -- the graphs and
pictures are better in PDF) offers a full analysis of:

- the root cause of entropy
- a design of the RNG
- statistical tests and analyses
- entropy assessment and explanation of the flow of entropy

The document also explains the core concept to have a fully
decentralized entropy collector for every caller in need of entropy.

Also, this RNG is well suited for virtualized environments.
Measurements on OpenVZ and KVM environments have been conducted as
documented. As the Linux kernel is starved of entropy in virtualized as
well as server environments, new sources of entropy are vital.

The appendix of the documentation contains example use cases by
providing link code to the Linux kernel crypto API, libgcrypt and
OpenSSL. Links to other cryptographic libraries should be
straightforward to implement. These implementations follow the concept of
decentralized entropy collection.

The man page provided with the source code explains the use of the API
of the CPU Jitter random number generator.

The test cases used to compile the documentation are available at the
web site as well.

Note: for the kernel crypto API, please read the provided Kconfig file
for the switches and which of them are recommended in regular
operation. These switches must currently be set manually in the
Makefile.

Ciao
Stephan

Signed-off-by: Stephan Mueller <smueller@chronox.de>