On 10/09/2013 07:46 AM, Stanimir Varbanov wrote:
>
> No, there is no public documentation for the block. Here is the driver
> documentation which I used as a base [1].
>
> My guess was that - if it is PRNG (got from hardware description link
> above) then according to wiki [2] it is also known as a deterministic
> random bit generator (DRBG). The recommendation for RNG using DRBG is
> NIST 800-90.
>
> Of course I could be wrong, so I can add a comment that this is just a
> guess and we shouldn't over-rely on this.
>

There needs to be an architecturally guaranteed lower bound on the
entropic content for this to be at all useful. However, the hwrandom
interface is currently expecting fully entropic output (which is almost
certainly bogus... consider the PowerPC random number generator[1]) and
so using it for a PRNG output is directly wrong.

This is part of why RDRAND support is implemented directly in rngd so
that we can do the required cryptographic data reduction to produce
fully entropic output.

	-hpa

[1] which has a known first-order bias which they "correct" for by
XORing two datums together in a very simple data reduction step.
However, if their random source has bias it is extremely likely it also
has nonzero correlations, which require stronger reductions. It would
make a lot more sense to feed this data into the random pools but
derated at a lower entropy level. This would be useful for RDRAND as
well.
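
The footnote's point, that XORing two datums only removes first-order bias when the samples are independent, shown as an added simulation (not code from this thread, rngd or the kernel). The two-state source, its probabilities and the name `xor_pair_ones` are constructed for illustration, and pairing consecutive samples is an assumption about how the datums are combined.

```c
#include <stdint.h>
#include <stdio.h>

/* splitmix64: deterministic generator used only to drive the simulation. */
static uint64_t sm_state;
static double uniform01(void)
{
    uint64_t z = (sm_state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    z ^= z >> 31;
    return (double)(z >> 11) / 9007199254740992.0; /* divide by 2^53 */
}

/*
 * Constructed two-state source: p1_after1 = P(1 | previous bit was 1),
 * p1_after0 = P(1 | previous bit was 0). Equal values give independent bits.
 * Returns the fraction of ones after XORing consecutive pairs of samples.
 */
double xor_pair_ones(double p1_after1, double p1_after0, long pairs, uint64_t seed)
{
    long ones = 0;
    int prev = 0;
    sm_state = seed;
    for (long i = 0; i < 1000; i++) /* warm-up toward the stationary state */
        prev = uniform01() < (prev ? p1_after1 : p1_after0);
    for (long i = 0; i < pairs; i++) {
        int a = uniform01() < (prev ? p1_after1 : p1_after0);
        int b = uniform01() < (a ? p1_after1 : p1_after0);
        ones += a ^ b;
        prev = b;
    }
    return (double)ones / (double)pairs;
}

int main(void)
{
    /* Both sources emit ones 60% of the time (raw bias 0.10). */
    double indep = xor_pair_ones(0.6, 0.6, 1000000, 1);
    double corr  = xor_pair_ones(0.8, 0.3, 1000000, 1);
    printf("independent, XORed: P(1) = %.3f (theory 0.48)\n", indep);
    printf("correlated,  XORed: P(1) = %.3f (theory 0.24)\n", corr);
    return 0;
}
```

Both sources start with the same 0.10 bias; the XOR step shrinks it to 0.02 for independent bits but grows it to 0.26 for the correlated source, which is why such output calls for a stronger reduction or a derated entropy credit.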