[Info-vax] In need of "good enough" randomness sources, anyone wanna help out? (OpenSSL 1.1.1 beta)
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Tue May 1 11:39:50 EDT 2018
On 2018-05-01 07:10:19 +0000, Richard Levitte said:
> So I did a bit of experiment and collected more data, most of all quite
> a lot of the RMI$_ items but also a few more JPI$_ items, at a total of
> 736 bytes per gathering round and a "random" 1 to 10 second sleep
> between rounds, fed that into a file that I then fed NISTs minimum
> entropy estimation program (*)... and the result was pretty harsh, an
> estimate of 0.082 entropy bits per 8 bits of data (**), so roughly 1
> bit of entropy per 100 bits of data.
I'd liberally mix in $purge_ws (for 0x0-0xffffffffffffffffff) and
$resched calls and maybe toss around some ASTs using some mix of those
into your existing code trying to churn up some entropy, and through
all that sprinkle multiple clock_gettime (V7.3-2 and later) or
sys$rpcc_64 calls or rpcc built-in calls or probably better rscc
built-in calls, all in the service of added entropy. Maybe add a few
briefly-present busy-work compute-bound subprocesses while all that's
running; invoking the subprocesses using some busy-work option embedded
in the main OpenSSL utility or otherwise. The Alpha rpcc and rscc
stuff has been around for a long while, and the APIs did get ported to
Itanium. http://h41379.www4.hpe.com/wizard/wiz_4004.html et al.
This'd all be far easier if, you know, there was an entropy pool in the
kernel and APIs, but that's fodder for some future OpenVMS release.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list