[openssl-dev] DRBG entropy

Leon Brits leonb at parsec.co.za
Wed Jul 27 12:13:26 UTC 2016


Hi all,

I have a chip (FDK RPG100) that generates randomness, but the SP800-90B Python test suite indicated that the chip only provides 2.35 bits/byte of entropy. According to the FIPS test lab, the lowest value from all the tests is used as the entropy, and 2 is too low. I must however make use of this chip.

I am looking at the paragraph in the User Guide 2.0 where low entropy sources are discussed and have some additional questions:

1. In my DRBG callback for entropy (function get_entropy in the guide), I simply used our chip as the source (the driver reading from the chip makes it available at /dev/hwrng). Now that I've come to learn that the chip's entropy is too low, how do I ensure that this callback exits with a buffer of acceptable entropy?

2. Should I just return a 4 times larger buffer? What if that is larger than the "max_len"?

3. Can the DRBG repeatedly call the callback until the entropy is high enough?

Your advice is appreciated

Regards
LJB
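
Added example, not part of the original message and not OpenSSL code: a sketch of the sizing that questions 1 and 2 turn on, reading enough raw bytes to reach a requested entropy at the 2.35 bits/byte figure quoted above and failing closed when that count exceeds the caller's "max_len". All function and parameter names are hypothetical, and the code assumes the assessed rate holds for every byte read; a pipe of constructed bytes stands in for /dev/hwrng so it runs offline.

```c
/* Added example with hypothetical names; not the OpenSSL callback itself. */
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/* Raw bytes needed to carry `bits` of entropy when the source is assessed at
 * `mbits_per_byte` thousandths of a bit per byte (2.35 bits/byte -> 2350). */
size_t raw_bytes_needed(size_t bits, size_t mbits_per_byte)
{
    return (bits * 1000 + mbits_per_byte - 1) / mbits_per_byte;
}

/* Read enough raw bytes from fd to reach `bits` of assessed entropy.
 * Returns the byte count, or -1 if that count exceeds max_len or the buffer,
 * or if the source fails or runs dry. Never returns a short buffer. */
long gather_entropy(int fd, unsigned char *buf, size_t buflen, size_t bits,
                    size_t min_len, size_t max_len, size_t mbits_per_byte)
{
    size_t want, got = 0;

    if (mbits_per_byte == 0) return -1;
    want = raw_bytes_needed(bits, mbits_per_byte);
    if (want < min_len) want = min_len;
    if (want > max_len || want > buflen)
        return -1;                 /* too large for the caller's limit */
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return -1;     /* error or EOF: fail closed */
        got += (size_t)n;
    }
    return (long)got;
}

/* Offline demo: a pipe of `avail` constructed bytes stands in for /dev/hwrng. */
long demo(size_t avail, size_t bits, size_t max_len)
{
    unsigned char src[512] = {0}, out[512];
    int p[2];
    long r;

    if (avail > sizeof src || pipe(p) != 0) return -2;
    if (write(p[1], src, avail) != (ssize_t)avail) { close(p[0]); close(p[1]); return -2; }
    close(p[1]);
    r = gather_entropy(p[0], out, sizeof out, bits, 0, max_len, 2350);
    close(p[0]);
    return r;
}
```

At 2.35 bits/byte a 256-bit request needs 109 raw bytes; whether a limit of that size is available depends on the "max_len" the DRBG passes to the callback.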