[openssl-dev] DRBG entropy
Kurt Roeckx
kurt at roeckx.be
Fri Jul 29 22:19:17 UTC 2016
On Thu, Jul 28, 2016 at 09:08:32AM -0700, John Denker wrote:
>
> That means the chip design is broken in ways that the manufacturer
> does not understand. The mfgr data indicates it "should" be much
> better than that:
> http://www.fdk.com/cyber-e/pdf/HM-RAE103.pdf

Reading that, you don't seem to have access to the raw entropy
and the tests you are doing are meaningless. It really should
always give you a perfect score since it should already be at
least whitened.

I have a feeling that there is at least a misunderstanding of what
that draft standard is saying and that it isn't being followed.
But if the tests still give you such a low score something seems
to be wrong, which might either be the hardware or software.

Have you tried running NIST's software
(https://github.com/usnistgov/SP800-90B_EntropyAssessment)
yourself? Can you run it in verbose mode and give the results of
all the tests it ran?

Kurt
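
Illustration of the point above about testing whitened output (an added example, not part of the original message and not NIST's tool): it applies the Most Common Value estimator from SP 800-90B section 6.3.1 to a constructed biased source before and after hashing. The source model, the SHA-256 conditioner and all function names are assumptions made for illustration.

```python
import hashlib
import math
import random
from collections import Counter

def mcv_min_entropy(samples: bytes) -> float:
    """Most Common Value estimate (SP 800-90B 6.3.1), in bits per byte."""
    n = len(samples)
    p_hat = Counter(samples).most_common(1)[0][1] / n
    # Upper end of the 99% confidence interval on the most likely value.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1.0 - p_hat) / (n - 1)))
    return -math.log2(p_u)

def raw_biased_source(n: int, seed: int = 1) -> bytes:
    """Constructed weak raw source: byte 0x00 roughly half of the time."""
    rng = random.Random(seed)
    return bytes(0 if rng.random() < 0.5 else rng.randrange(256) for _ in range(n))

def whiten(raw: bytes) -> bytes:
    """Constructed conditioner: each 32-byte raw block hashed to 32 output bytes."""
    return b"".join(hashlib.sha256(raw[i:i + 32]).digest()
                    for i in range(0, len(raw), 32))

def hashed_counter(n: int) -> bytes:
    """Zero-entropy input: SHA-256 of a public, predictable counter."""
    return b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest()
                    for i in range(n // 32))

def compare(n: int = 1 << 16) -> dict:
    """Run the same estimator on raw, whitened and fully predictable data."""
    raw = raw_biased_source(n)
    return {
        "raw": mcv_min_entropy(raw),
        "whitened": mcv_min_entropy(whiten(raw)),
        "hashed_counter": mcv_min_entropy(hashed_counter(n)),
    }

if __name__ == "__main__":
    for name, h in compare().items():
        print(f"{name:15s} {h:.2f} bits/byte (MCV estimate)")
```

The estimator only sees the statistics of the bytes it is given, so the whitened stream and even the hashed counter score close to 8 bits per byte while the raw source scores about 1. A high score on conditioned output therefore says nothing about the noise source behind it.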