MirOS News

Sponsored by
HostEurope Logo

MirOS News

All 1 2 3 4 5 6 7 8 9 10 11 12

arandom(4) is a high quality SRNG (stretched RNG). It passes these test suites quite well on bleu (IBM X40, without TPM support). I also took 128 MiB samples from the same /dev/arandom, as well as from tear (Via C7), herc (P-233MMX), ss5, eurynome. The results are similar to each other (some of the tests rewind the input file a lot of times, so there are of course differences to the test using the arandom(4) stream directly – but the results are as good as can be expected, and tests that happen to fail (which is expected too, as it’s random after all) pass quite well with other runs). Another 128 MiB snippet of the TPM output looks to be as good as the arandom one, which doesn’t infer that it’s a TRNG, but it’ll at least help; the C7 xstore-rng output however looks rather bad in some tests (such as the Chi square test); apparently, the kernel initialises it with not optimum values (which may even be correct, as we use the RNG from kernel space, so a bias doesn’t matter, whereas Von Neumann bias correction would eat up very many bits; additionally, it’s designed to work from VIA C3 onwards).

I think the Entropy Key will have even better results. It’s still a thermal noise (or Johnson noise?) type, not a “real” QRNG (using photons and a mirror, or radioactive material and a Geiger counter), unless the one from fourmilab.ch (I’d insert a link here, but John Walker’s site appears to be down). Personally, I use the use-many-sources and mix approach, getting “best” entropy from external sources, including fourmilab’s (via https), “good” from myself (VIA C7, IBM TPM, soon eKey); “medium”, “regular” and “bad” from myself, where most of these are non-interceptible – the RANDOM.SYS for DOS author says every bit counts, and I think so too. cprng(8) is an example of “medium” (or “bad” if you lack the appropriate hardware) source; keyboard/mouse are “regular”, disc/net I/O are “bad” but available. The four-pool mixing helps, and the results show. Hell, even nwt has good entropy. And the RANDEX protocol helps some, too. Untrusted, but potentially good bits; wrandom(4) pool.

MirOS Logo