Hello, While poking around TRNG quality I came across this apparent issue:
/dev/random does not block, emits poor entropy Running 1.7.17 but see no updates in the 1.7.18 thru 1.7.25 Changelog entries regarding /dev/random. Due to 'argp' library issues I could not compile 'rngtest' under Cygwin. Worked around it by running netcat -l -p 8989 172.29.88.18 </dev/random on the Windows side and ncat 172.29.88.10 8989 | rngtest -t 10 on the Linux machine. Output looks like rngtest: FIPS tests speed: (min=389.946; avg=74898.778; max=94811.893)Kibits/s rngtest: Program run time: 60032020 microseconds rngtest: bits received from input: 3088523264 rngtest: FIPS 140-2 successes: 154295 rngtest: FIPS 140-2 failures: 131 rngtest: FIPS 140-2(2001-10-10) Monobit: 17 rngtest: FIPS 140-2(2001-10-10) Poker: 15 rngtest: FIPS 140-2(2001-10-10) Runs: 53 rngtest: FIPS 140-2(2001-10-10) Long run: 47 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=393.292; avg=188386.332; max=887784.091)Kibits/s rngtest: FIPS tests speed: (min=389.946; avg=74949.192; max=94811.893)Kibits/s rngtest: Program run time: 69528238 microseconds which I think would qualify as "not great." Is similar to what I see when running rngtest -t 10 /dev/urandom on Linux. My guess is that the /dev/random driver needs an adjustment to block when the MS crypto function calls indicate a lack of available entropy --assuming that the MS libraries support entropy qualification of some kind. I don't subscribe to the list (though I do look at the archives), so please CC me on any requests for my input. Regards -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
