[onerng talk] Blinking LED

James Cameron quozl at laptop.org
Thu Jun 18 02:37:08 BST 2015 

On Thu, Jun 18, 2015 at 12:37:43PM +1200, Paul Campbell wrote:
> On Thu, 18 Jun 2015 09:58:19 James Cameron wrote:
> > Jun 18 09:40:53 esk rngd: too many FIPS failures, disabling entropy source
> > Jun 18 09:40:53 esk rngd: No entropy sources working, exiting rngd
> 
> this is interesting you're the second person to report this ...

Perhaps you are more exposed to this problem by making an RNG?  ;-)

Not important though, it was an artificial situation; demand driven,
and easily reproducible.

> rngd uses the fips stuff wrongly - for a good-enough random source
> the fips test reports some false negatives (you can see this running
> rngtest on OneRNG) this is normal, sometimes a random stream has
> data that doesn't look random even though it is - we get less than
> one false negative per 1000 tests which is considered OK.
> 
> The problem with rngd is that it accumulates these errors (rather
> than looking at long term failure rates and shutting down is the
> rates are too low)and when it sees too many it shuts down.

I think I see what you mean.  There is an accumulation, but there's an
averaging as well.  An incrementing counter tracks test failures.  The
counter is decremented every 1000 test successes.  A time averaging
filter that is very sensitive to short term failures.

25 failures are needed at a rate exceeding one per 1000 tests, but
they need not be consecutive; they can be spread among 25000 tests.

The filter also has a decreased sensitivity early on in the failure
count, while it is less than or equal to 6.

	http://dev.laptop.org/~quozl/y/1Z5O8X.txt
	(from rng-tools 4-0ubuntu2)

Assuming the distribution of test failures is as random as the input
source, my guess is that the filter is too sensitive.  A few back of
the envelope calculations suggests an order of magnitude, but I'm not
enough of a mathematician to show my work.

> We've talked about creating an option that runs OneRNG data through
> OpenSSL AES (with a fixed key) to further whiten the incoming data -
> you might want to try this and see if it solves your problem

Don't like the complexity.  I'd be more inclined to increase
MAX_RNG_FAILURES (25) or decrease RNG_OK_CREDIT (1000), or rewrite the
filter.

-- 
James Cameron
http://quozl.linux.org.au/

More information about the Discuss mailing list