Reply to post: Re: Does nobody do a literature search anymore?

Boffin: Dump hardware number generators for encryption and instead look within

jvroig

Re: Does nobody do a literature search anymore?

You actually forgot one (which was less popular, less disseminated): Maxwell by Sandy Harris: https://www.kernel.org/doc/ols/2014/ols2014-harris.pdf

I saw all four: HAVEGE (2002 research from IRISA), haveged (Gary Wuertz's implementation), Maxwell, and Jitter Entropy. I knew about HAVEGE & haveged from the start. I only learned about Maxwell and Jitter Entropy later on in the research. (Hi, I'm the cited paper author.)

The main problem I have (and other researchers too; see, for example, the Maxwell paper) with HAVEGE / haveged is that it's too complex (or at least perceived as such), and it seems to require specific CPU features and tuning per architecture.

Jitter Entropy is a lot better, more recent, and actively maintained. It just does things that aren't necessary. In my view, that's why it's great for Linux, but will prevent it from scaling across all types of devices and platforms. (Also, Jitter Entropy MUST be compiled without optimization too. Stephan Mueller was pretty clear about that here: http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html)

The conference paper pre-print is very limited in details due to the page limit. However, I write more about the paradigm, key guiding principles, and implementation design of my work on the accompanying research website (https://research.jvroig.com/siderand). There I also deal quickly with the key differences from HAVEGE/haveged, Maxwell, and Jitter Entropy.

Also, what else do you know of that works not just in C/C++ (because C/C++ has close-to-metal features that allow direct memory manipulation, as in HAVEGE/Jitter Entropy), but even in languages like PHP, Ruby, and Python3, with a wealth of data? As far as I found, nothing else. Doing micro-benchmark timing aggregation is a straightforward way to guarantee platform-agnosticism, making implementations for any purpose simple and auditable.

Also, what else works that doesn't require a high-performance (nanosecond-precision) timer? Again, nothing else that I could find: not HAVEGE / haveged, Maxwell, or Jitter Entropy. In fact, my research so far works even on an Arduino Uno, which has an extremely simple processor (16 MHz only) and a very low-resolution timer (4-microsecond precision only), showing a collection rate of 3,000 bits per second.
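The post above describes timing a micro-benchmark and aggregating the results as an entropy source that needs only a portable timer. The block below is an added illustration of that general idea in plain Python; it is not jvroig's SideRand code, nor anything from HAVEGE/haveged, Maxwell or Jitter Entropy, and the workload, the 2-low-bits extraction, the naive min-entropy check and the SHA-256 conditioning step are all this example's own choices. It assumes Python 3.7+ for `time.perf_counter_ns()`; `make_fake_bench` is a constructed, entropy-free stand-in used only so the pipeline can be exercised deterministically.

```python
"""
Added example (not SideRand, HAVEGE/haveged, Maxwell or Jitter Entropy code):
a minimal timing-jitter harvester in plain Python. It times a small fixed
workload with time.perf_counter_ns(), keeps the low bits of each delta,
checks how much entropy those bits appear to carry, and conditions them
through SHA-256 before returning anything to the caller.
"""
import hashlib
import itertools
import math
import time
from collections import Counter


def micro_benchmark_ns(iterations=2000):
    """Time one run of a small, deterministic workload, in nanoseconds.

    The workload is constant by construction; any variation between calls
    comes from the platform (cache state, scheduling, frequency scaling,
    timer granularity), which is the jitter being harvested.
    """
    start = time.perf_counter_ns()
    acc = 0
    for i in range(iterations):
        acc = (acc * 31 + i) & 0xFFFFFFFF
    return time.perf_counter_ns() - start


def make_fake_bench(values):
    """Constructed stand-in for micro_benchmark_ns that replays `values` forever.

    Exists only so the pipeline can be demonstrated and tested deterministically;
    it carries no entropy whatsoever and must never be used for real output.
    """
    cycle = itertools.cycle(values)
    return lambda: next(cycle)


def collect_deltas(n_samples, bench=micro_benchmark_ns):
    """Run the benchmark n_samples times and return the raw timing deltas."""
    return [bench() for _ in range(n_samples)]


def extract_low_bits(deltas, bits_per_sample=2):
    """Keep only the lowest bits_per_sample bits of each delta.

    The high bits mostly encode the workload's fixed cost and are predictable;
    whatever jitter the platform produces shows up in the low bits.
    """
    mask = (1 << bits_per_sample) - 1
    return [d & mask for d in deltas]


def min_entropy_per_symbol(symbols):
    """Naive min-entropy estimate: -log2(share of the most frequent symbol).

    Treats symbols as independent and identically distributed, which raw
    timing data is not, so this is a sanity check, not a certified estimate.
    """
    if not symbols:
        return 0.0
    most_common = max(Counter(symbols).values())
    return -math.log2(most_common / len(symbols))


def pack_symbols(symbols, bits_per_sample):
    """Concatenate bits_per_sample-bit symbols into bytes, MSB first.

    A trailing partial byte is zero-padded on the right.
    """
    out = bytearray()
    acc, nbits = 0, 0
    for s in symbols:
        acc = (acc << bits_per_sample) | s
        nbits += bits_per_sample
        while nbits >= 8:
            nbits -= 8
            out.append((acc >> nbits) & 0xFF)
            acc &= (1 << nbits) - 1
    if nbits:
        out.append((acc << (8 - nbits)) & 0xFF)
    return bytes(out)


def harvest(out_bytes=32, bits_per_sample=2, n_samples=4096,
            safety_factor=2.0, bench=micro_benchmark_ns):
    """Collect timing samples, require a plausible entropy margin, then
    condition them with SHA-256 and return out_bytes bytes.

    Raises RuntimeError when the estimate falls short: on a coarse timer the
    low bits of every delta can come out identical, and silently returning
    the hash of a constant would be worse than failing loudly.
    """
    if out_bytes > hashlib.sha256().digest_size:
        raise ValueError("out_bytes may not exceed one SHA-256 digest")
    symbols = extract_low_bits(collect_deltas(n_samples, bench), bits_per_sample)
    estimated_bits = min_entropy_per_symbol(symbols) * len(symbols)
    needed_bits = out_bytes * 8 * safety_factor
    if estimated_bits < needed_bits:
        raise RuntimeError(
            f"only ~{estimated_bits:.0f} bits of estimated min-entropy in "
            f"{len(symbols)} samples; need {needed_bits:.0f}")
    return hashlib.sha256(pack_symbols(symbols, bits_per_sample)).digest()[:out_bytes]


if __name__ == "__main__":
    deltas = collect_deltas(1024)
    print("sample deltas (ns):", deltas[:8])
    print("estimated min-entropy per sample (2 low bits):",
          round(min_entropy_per_symbol(extract_low_bits(deltas, 2)), 3))
    try:
        print("32 conditioned bytes:", harvest().hex())
    except RuntimeError as err:
        print("refused:", err)
```

Running the module prints a few raw deltas and the per-sample estimate for the host it runs on; the `RuntimeError` branch is the failure mode to watch for on coarse timers, where the low bits stop varying and the collector should refuse rather than emit output.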
