On 3/16/06, coderman <coderman@gmail.com> wrote:

... - does entropy mgmt on VIA hardware work? (c5test/c5keys/c5net)

for those with VIA/Intel/AMD hw entropy device support and a running mtrngd you can get current status via '/etc/rc.d/rcS.mtrngd status'. logs are in /var/log/mtrngd/. i'd be interesting in knowing run times for large amounts of entropy gathered and mixed to /dev/random (gigabytes if it remains stable for that long). particularly for the Intel and AMD hw devices which i do not currently have at my disposal for testing. status output is similar to the following; sizes are in Bytes, times/stats are in microseconds (not milli): [Fri Mar 24 08:46:14-459926] Current MTRNGD Status: bad fips blocks ......: 13080 monobit failures ___: 3359 poker run failures _: 542707 bit run failures __: 1104377 long run failures __: 9687 cont run failures __: 35 good fips blocks .....: 41614750 hwrng read bytes .....: 104069575000 entropy add bytes ....: 104036872320 random writeable cnt .: 541858710 hw entropy read stats ....: min: 2479 avg: 3359 max: 22788 total: 139833561751 rng fips check stats .....: min: 904 avg: 919 max: 6464 total: 38267989605 random recv starve stats .: min: 3416 avg: 4305 max: 24018 total: 179159453561 you can stress /dev/random via 'bench-rng /dev/random 1024 1000000' or simply 'cat /dev/random > /dev/null'. uptime would be helpful. note that i accidentally left "forgiving fips check" set in the rcS.mtrngd script; this can be turned off for a better real world test. the forgiving option does not fail blocks with poker or bit runs. monobit, long, and continuous runs are always critical and the block is discarded. the FIPS check block size is 1500 bytes. see http://csrc.nist.gov/fips/fips1401.htm for more info. by default entropy density is at 80% so take that into consideration when calculating available /dev/random throughput. ex: entropy add bytes ....: 104036872320 x 0.80 == 83,229,497,856 Bytes of actual entropy added to /dev/random pool.