entropy status / benchmarks [was test an iso]
coderman
coderman at gmail.com
Thu Mar 23 22:45:19 PST 2006
On 3/16/06, coderman <coderman at gmail.com> wrote:
> ...
> - does entropy mgmt on VIA hardware work? (c5test/c5keys/c5net)
for those with VIA/Intel/AMD hw entropy device support and a running
mtrngd you can get current status via '/etc/rc.d/rcS.mtrngd status'.
logs are in /var/log/mtrngd/.
i'd be interesting in knowing run times for large amounts of entropy
gathered and mixed to /dev/random (gigabytes if it remains stable for
that long). particularly for the Intel and AMD hw devices which i do
not currently have at my disposal for testing.
status output is similar to the following; sizes are in Bytes,
times/stats are in microseconds (not milli):
[Fri Mar 24 08:46:14-459926] Current MTRNGD Status:
bad fips blocks ......: 13080
monobit failures ___: 3359
poker run failures _: 542707
bit run failures __: 1104377
long run failures __: 9687
cont run failures __: 35
good fips blocks .....: 41614750
hwrng read bytes .....: 104069575000
entropy add bytes ....: 104036872320
random writeable cnt .: 541858710
hw entropy read stats ....: min: 2479 avg: 3359 max:
22788 total: 139833561751
rng fips check stats .....: min: 904 avg: 919 max:
6464 total: 38267989605
random recv starve stats .: min: 3416 avg: 4305 max:
24018 total: 179159453561
you can stress /dev/random via 'bench-rng /dev/random 1024 1000000' or
simply 'cat /dev/random > /dev/null'.
uptime would be helpful. note that i accidentally left "forgiving
fips check" set in the rcS.mtrngd script; this can be turned off for a
better real world test. the forgiving option does not fail blocks
with poker or bit runs. monobit, long, and continuous runs are always
critical and the block is discarded.
the FIPS check block size is 1500 bytes. see
http://csrc.nist.gov/fips/fips1401.htm for more info.
by default entropy density is at 80% so take that into consideration
when calculating available /dev/random throughput. ex:
entropy add bytes ....: 104036872320 x 0.80 == 83,229,497,856 Bytes
of actual entropy added to /dev/random pool.
More information about the Testlist
mailing list