/dev/random does not block, emits poor entropy

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Oct 15 14:00:00 GMT 2013


On Sep 19 01:55, starlight.2013z3@binnacle.cx wrote:
> For contrast, here is a 'rngtest' run against a
> 3.1.8 Linux kernel with /dev/random enhanced by
> the output of a STMicroelectronics ST33 TPM PRNG
> (via 'rngd' v4).
> 
> bits received from input: 62380032
> FIPS 140-2 successes: 3115
> FIPS 140-2 failures: 4
> FIPS 140-2(2001-10-10) Monobit: 0
> FIPS 140-2(2001-10-10) Poker: 0
> FIPS 140-2(2001-10-10) Runs: 3
> FIPS 140-2(2001-10-10) Long run: 1
> FIPS 140-2(2001-10-10) Continuous run: 0
> input channel speed: (min=21.119; avg=42.165; max=136.844)Kibits/s
> FIPS tests speed: (min=41.374; avg=104.495; max=107.154)Mibits/s
> Program run time: 1445.324494 seconds
> 
> That's three bit runs and one long bit run
> in close to 8MB of random data.

Ok, let's compare that with the results of Cygwin's /dev/random as you
posted in your previous mail:

rngtest: bits received from input: 3088523264
rngtest: FIPS 140-2 successes: 154295
rngtest: FIPS 140-2 failures: 131


The # of bits received from input is about 49.5 times higher than what
you got from Linux' /dev/random.  So the number of events should be
divided by 49.5 for a fair comparison, right?  Lazily rounded up
I get:

                                         Linux   Cygwin/49.5
bits received from input:             62380032    62394409.4
FIPS 140-2 successes:                     3115        3117.1
FIPS 140-2 failures:                         4           2.7

The failure rate is better than on Linux.  That doesn't look bad to me.
Am I missing something?

Nevertheless I now added code to reseed the OS PRNG after each run of
512 bytes for the /dev/random emulation.  This results in even better
numbers for the price of slowing down access to /dev/random, which is
not much of a problem compared to the blocking behaviour of Linux'
/dev/random.  The new results with /dev/random are now along the
lines of:

  rngtest: bits received from input: 3059180032
  rngtest: FIPS 140-2 successes: 152857
  rngtest: FIPS 140-2 failures: 102
  [...]

which is another ~30% better result.  That should be sufficient, IMHO.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
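
The comparison made in this mail, as an added example that is not part of the original message: it parses the rngtest summary counters quoted in the thread, normalizes failures per tested block, and estimates how likely the Linux run's four failures would be at the Cygwin failure rate. The binomial model (each block fails independently) and all function names are assumptions of this example.

```python
import math
import re

# Summary counters copied from the three rngtest runs quoted in the thread.
RUNS = {
    "linux_tpm": """bits received from input: 62380032
FIPS 140-2 successes: 3115
FIPS 140-2 failures: 4""",
    "cygwin": """rngtest: bits received from input: 3088523264
rngtest: FIPS 140-2 successes: 154295
rngtest: FIPS 140-2 failures: 131""",
    "cygwin_reseed": """rngtest: bits received from input: 3059180032
rngtest: FIPS 140-2 successes: 152857
rngtest: FIPS 140-2 failures: 102""",
}

FIELD = re.compile(
    r"(bits received from input|FIPS 140-2 successes|FIPS 140-2 failures):\s*(\d+)")

def parse_summary(text):
    """Extract the totals; per-test lines such as 'Runs:' do not match."""
    found = {m.group(1): int(m.group(2)) for m in FIELD.finditer(text)}
    ok, bad = found["FIPS 140-2 successes"], found["FIPS 140-2 failures"]
    return {"bits": found["bits received from input"],
            "blocks": ok + bad, "failures": bad}

def failure_rate(run):
    """Failed blocks as a fraction of all tested blocks."""
    return run["failures"] / run["blocks"]

def expected_failures(reference, blocks):
    """Failures expected in `blocks` blocks at the reference run's rate."""
    return failure_rate(reference) * blocks

def tail_probability(n, k, p):
    """P(X >= k) for X ~ Binomial(n, p): chance of k or more failed blocks."""
    below = sum(math.comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k))
    return 1.0 - below

if __name__ == "__main__":
    runs = {name: parse_summary(text) for name, text in RUNS.items()}
    for name, run in runs.items():
        print(f"{name:14s} blocks={run['blocks']:7d} "
              f"failures per 1000 blocks={1000 * failure_rate(run):.3f}")
    linux, cygwin = runs["linux_tpm"], runs["cygwin"]
    print("expected failures in the Linux-sized sample at the Cygwin rate:",
          round(expected_failures(cygwin, linux["blocks"]), 2))
    print("P(>= 4 failures) at that rate:", round(tail_probability(
        linux["blocks"], linux["failures"], failure_rate(cygwin)), 3))
```

A tail probability far above 0.05 means a sample as small as the Linux run cannot separate the two failure rates.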