[onerng talk] Blinking LED
James Cameron
quozl at laptop.org
Thu Jun 18 02:37:08 BST 2015
On Thu, Jun 18, 2015 at 12:37:43PM +1200, Paul Campbell wrote:
> On Thu, 18 Jun 2015 09:58:19 James Cameron wrote:
> > Jun 18 09:40:53 esk rngd: too many FIPS failures, disabling entropy source
> > Jun 18 09:40:53 esk rngd: No entropy sources working, exiting rngd
>
> this is interesting you're the second person to report this ...
Perhaps you are more exposed to this problem by making an RNG? ;-)
Not important though, it was an artificial situation; demand driven,
and easily reproducible.
> rngd uses the fips stuff wrongly - for a good-enough random source
> the fips test reports some false negatives (you can see this running
> rngtest on OneRNG) this is normal, sometimes a random stream has
> data that doesn't look random even though it is - we get less than
> one false negative per 1000 tests which is considered OK.
>
> The problem with rngd is that it accumulates these errors (rather
> than looking at long term failure rates and shutting down is the
> rates are too low)and when it sees too many it shuts down.
I think I see what you mean. There is an accumulation, but there's an
averaging as well. An incrementing counter tracks test failures. The
counter is decremented every 1000 test successes. A time averaging
filter that is very sensitive to short term failures.
25 failures are needed at a rate exceeding one per 1000 tests, but
they need not be consecutive; they can be spread among 25000 tests.
The filter also has a decreased sensitivity early on in the failure
count, while it is less than or equal to 6.
http://dev.laptop.org/~quozl/y/1Z5O8X.txt
(from rng-tools 4-0ubuntu2)
Assuming the distribution of test failures is as random as the input
source, my guess is that the filter is too sensitive. A few back of
the envelope calculations suggests an order of magnitude, but I'm not
enough of a mathematician to show my work.
> We've talked about creating an option that runs OneRNG data through
> OpenSSL AES (with a fixed key) to further whiten the incoming data -
> you might want to try this and see if it solves your problem
Don't like the complexity. I'd be more inclined to increase
MAX_RNG_FAILURES (25) or decrease RNG_OK_CREDIT (1000), or rewrite the
filter.
--
James Cameron
http://quozl.linux.org.au/
More information about the Discuss
mailing list