When is the blocking RNG called?

Enzo Michelangeli em at who.net
Fri Nov 24 14:57:15 CET 2000


----- Original Message -----
From: "Sam Roberts" <sroberts at uniserve.com>
To: "Enzo Michelangeli" <em at who.net>
Cc: <gnupg-devel at gnupg.org>
Sent: Friday, November 24, 2000 12:54 PM
Subject: Re: When is the blocking RNG called?


[...]
> > The most serious problem is the initial seeding required by 2): it can only
> > be ensured efficiently if the generator is run as a separate daemon process.
>
> That's not true, there's nothing a user space process can't do that a
> kernel driver can't do as well, particularly when entropy isn't introduced
> by software, only by unpredictable external events, better detected in
> the kernel, anyway.

Sure, I mean that it can't be done by a process that starts afresh every
time and then terminates, as GnuPG does. One needs something "always on",
like the kernel (best option) or a user-mode daemon (second best, but more
portable).

> > I would favour a third type of pseudo-device, say /dev/xrandom, behaving
> > like /dev/random until it had gathered enough entropy, then changing its
> > behaviour to emulate /dev/urandom. That could be also implemented in EGD.
>
> This would be trivial to implement in the Linux/BSD random driver, if you
> looked you could just do it.

I know, but it wouldn't be available to anybody else (unless accepted as
standard component of the kernel) and therefore it wouldn't be used by
popular applications.

> > The new Java iButton DS1957 (USD 27. a piece) has a built-in PRNG, which
> > also allows it to generate keys internally (a plus for security). Dallas for
> > it has serial, parallel and USB adapters at very reasonable prices (USD 5.),
> > and free PKCS#11 drivers.
>
> Is it just a PRNG, or does it have a source of true/physical entropy
> that it uses as a seed for a PRNG?

I believe it's a true RNG, but you may ask the product manager Gary Ellis
<Gary.Ellis at dalsemi.com>. Official data sheets don't seem to be available
yet (in Dalsemi, they tend to lag the actual product...). The DS1957B
complete with USB fob is described at
http://www.dalsemi.com/news/pr/product/2000/usbfob.html, and can be
purchased online at
https://store.ibutton.com/cgi-bin/ncommerce3/CategoryDisplay?cgrfnbr=810&cgmenbr=776&cg=810#90-1957B-406
(but generous amounts of export license red
tape apply for many countries).

Enzo
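
The /dev/xrandom behaviour proposed in the message above (refuse output until enough entropy has been gathered, then never refuse again) can be modelled in a few lines. This is an added example, not code from the thread, GnuPG, EGD or any kernel driver; the names `XRandom` and `NotSeeded`, the 256-bit threshold and the HMAC-SHA-256 output stage are assumptions chosen for illustration.

```python
import hashlib
import hmac

class NotSeeded(Exception):
    """Raised where a real device would block the reader."""

class XRandom:
    """Model: no output until seed_bits are credited, then never refuses."""

    def __init__(self, seed_bits=256):  # 256 is an assumed threshold
        self._pool = hashlib.sha256()
        self._needed = seed_bits
        self._credited = 0
        self._key = None  # set once, when the threshold is first reached
        self._counter = 0

    @property
    def seeded(self):
        return self._key is not None

    def add_entropy(self, sample, credit_bits):
        """Mix in an event sample; credit_bits is the caller's estimate."""
        self._pool.update(len(sample).to_bytes(4, "big") + sample)
        if self.seeded:  # after seeding, new input only reseeds the key
            self._key = hmac.new(self._key, self._pool.digest(), hashlib.sha256).digest()
            return
        self._credited += max(0, credit_bits)
        if self._credited >= self._needed:
            self._key = self._pool.digest()

    def read(self, n):
        if not self.seeded:  # the /dev/random-like phase
            raise NotSeeded(f"{self._credited}/{self._needed} bits gathered")
        out = b""
        while len(out) < n:  # the /dev/urandom-like phase
            self._counter += 1
            block = self._counter.to_bytes(8, "big")
            out += hmac.new(self._key, block, hashlib.sha256).digest()
        # Ratchet the key so earlier output cannot be recomputed from later state.
        self._key = hmac.new(self._key, b"ratchet", hashlib.sha256).digest()
        return out[:n]

def demo():
    dev = XRandom()
    try:
        dev.read(16)
        refused = False
    except NotSeeded:
        refused = True
    for sample in (b"constructed-event-1", b"constructed-event-2"):
        dev.add_entropy(sample, 128)  # constructed samples and credits
    return refused, dev.seeded, len(dev.read(4096))
```

The seeded state only persists for as long as the object does, which is the point made in the message about needing something "always on" rather than a process that starts afresh each time.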





