Acquire Entropy for embedded platform
Chitrang Srivastava
chitrang.srivastava at gmail.com
Fri Aug 16 10:28:32 UTC 2019
Thanks Pauli,
I did checked CPU Jitter and it looks promising. It has openssl engine
support too.
So i guess I have to add this add provide OS specific calls and it should
work.
Will keep you posted.
Thanks,
On Fri, Aug 16, 2019 at 3:15 PM Dr Paul Dale <paul.dale at oracle.com> wrote:
> I investigated HAVEGE fairly deeply a couple of years ago. I am
> completely in agreement with the basis of this source, however the sticking
> point was the “expansion” phase. Essentially, every bit of entropy
> gathered is turned into (just under) thirty two bits of “entropy”. This is
> logically and physically impossible. As a source, it appears reasonable to
> the usual tests (i.e. dieharder), although TestU01
> <https://en.wikipedia.org/wiki/TestU01> does pick up on it being less
> than ideal.
>
> I would, however, recommend Stephan Müller's CPU Jitter
> <https://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html>. The gathering
> is well researched and performed, no hidden tricks are present and the bits
> produces are equiprobable.
>
>
> Pauli
> --
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
> Phone +61 7 3031 7217
> Oracle Australia
>
>
>
>
> On 16 Aug 2019, at 7:31 pm, Robert Moskowitz <rgm at htt-consult.com> wrote:
>
>
>
> On 8/16/19 5:26 AM, Chitrang Srivastava wrote:
>
> Hi,
>
> I am working on an embedded platform and now ported openssl 1.1.1b
> TLS 1.2/1.3 is working fine.
> While analysing random number , Rand pool initialization calls where I am
> returning like this ,
> size_t *rand_pool_acquire_entropy*(RAND_POOL *pool)
> {
> return rand_pool_entropy_available(pool);
> }
> As noticed that *rand_unix.c* has an implementation wcih samples 2 bits
> of RTC, would that give enough entropy or any other recommendation to have
> enough entropy for embedded platforms?
>
>
>
> Check out: https://issihosts.com/haveged
>
> I talk about it here:
> http://www.htt-consult.com/CentOS7-armv7.html#RANDOMNESS
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190816/f51c7213/attachment.html>
More information about the openssl-users
mailing list