Re: cortina/gemini: hwrng: what is its quality ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 21, 2021 at 10:03:17PM +0200, Corentin Labbe wrote:
> hello
> 
> I work on the crypto part of the cortina/gemini SL3516 SoC.
> The datasheet mention a HWRNG in its IP but really briefly:
> """
> The implementation is a 32-bit Hardware Random Number Generator that has a uniformed
> distribution between 0 and 2^32 -1. The hardware randomness is created by sampling data from
> different clock domains, and feeding it as input to the 32-bit maximum length LFSR (Linear Feedback
> Shift Register)
> """
> 
> Piping its output to rngtest give:
> dd if=/dev/hwrng count=2000 bs=2048 | rngtest
> rngtest 6.11
> rngtest: starting FIPS tests...
> rngtest: entropy source drained
> rngtest: bits received from input: 32768000
> rngtest: FIPS 140-2 successes: 1191
> rngtest: FIPS 140-2 failures: 447
> rngtest: FIPS 140-2(2001-10-10) Monobit: 183
> rngtest: FIPS 140-2(2001-10-10) Poker: 116
> rngtest: FIPS 140-2(2001-10-10) Runs: 346
> 2000+0 records in
> 2000+0 records out
> rngtest: FIPS 140-2(2001-10-10) Long run: 0
> rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
> rngtest: input channel speed: (min=303.606; avg=3143.352; max=9712.208)Kibits/s
> rngtest: FIPS tests speed: (min=7.104; avg=10.332; max=10.638)Mibits/s
> rngtest: Program run time: 13303224 microseconds
> 
> That's a quite number of failure.
> Can the hwrng still be used with some "hwrng->quality" setting ?
> Or it is just too many failure to be used ?

If in doubt just leave it zero and the admin can override it if
necessary.

Thanks,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux