<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Noto Serif">Hi!</font></p>
<p><font face="Noto Serif"><b>Ref 1</b> : </font><font face="Noto
Serif"><a class="moz-txt-link-freetext" href="https://www.chronox.de/lrng/doc/lrng.pdf">https://www.chronox.de/lrng/doc/lrng.pdf</a></font></p>
<p><font face="Noto Serif"><b>Ref 2</b> : </font><font face="Noto
Serif"><a class="moz-txt-link-freetext" href="https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN_V5_4.html">https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN_V5_4.html</a></font></p>
<p><font face="Noto Serif">Until now, we have been able to use NEUG with the user
space utility called rng-tools. But since kernel 5.18 and the
rework of the Linux Random Number Generator (Ref 1) by
Stephan Muller (<a class="moz-txt-link-abbreviated" href="mailto:smueller@chronox.de">smueller@chronox.de</a>), it seems that
/dev/urandom and /dev/random are the same after initial RNG
initialization (<a class="moz-txt-link-freetext" href="https://wiki.archlinux.org/title/Rng-tools">https://wiki.archlinux.org/title/Rng-tools</a>) and
(Ref 2 page 15: "<i>When accessing /dev/random, random numbers
are only generated if the entropy pool or the ChaCha20 DRNG
received at least 256 bits of initial entropy. After reaching
that threshold of 256 bits of entropy once, /dev/random will
operate non-blocking for the lifetime of the system and thus
operate identically </i><i>to /dev/urandom.</i>")</font></p>
<p><font face="Noto Serif">The BSI (Deutschland Digital Sicher /
Bundesamt für Sicherheit in der Informationstechnik) makes regular
analyses of the Linux Random Number Generator (Ref 2) and its
conclusions are that:</font></p>
<p><font face="Noto Serif">-- the new RNG is not as efficient as
its older implementation</font></p>
<p><font face="Noto Serif">-- few sources of entropy are correct for
the entropy boot process (Ref 2 §6.1)<br>
</font></p>
<p><font face="Noto Serif">-- When injecting new seed data from
user space by either the IOCTL or by writing into either
/dev/random or /dev/urandom, the seed data is added to the input
pool. It remains unused there until the base ChaCha20 DRNG
decides it is time to reseed </font><font face="Noto Serif"><font
face="Noto Serif">(Ref 2 page 58)</font>.</font></p>
<p><font face="Noto Serif">So, it would be interesting to use NEUG
and, in the future, Gomti as a hardware generator (Ref 2 pages 39
&amp; 51). It would be interesting for the early boot process (Ref 2
page 85) and the normal process. It seems to replace the user space
rngd daemon: "<i>Ref 2 page 39 : The Linux kernel contains an
additional entropy collection mechanism for in-kernel
hardware-RNG device drivers. Before the advent of the
add_hwgenerator_randomness function, the user space rngd
daemon was required to transport random bits from /dev/hwrng –
the interface to the hardware-RNG framework – to /dev/random.
With the functionality described in the following, this detour
via user space is </i><i>no longer needed.</i>"<br>
</font></p>
<p><font face="Noto Serif">Is it possible, right now, to use it
(NEUG, Gomti) as a hardware generator, and how, or will it be
possible in the future?</font></p>
<p><font face="Noto Serif">Best regards<br>
</font></p>
</body>
</html>