CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/09/28 08:57:36
Modified files:
share/man/man4 : random.4
Log message:
Update page a little, in particular try to describe the underlying mechanisms
in simple terms (mostly as a yardstick for others to be measured against):
Entropy data stored previously is provided to the kernel during the boot
sequence and used as inner-state of a stream cipher. High quality data
is available immediately upon kernel startup. System activity (such as
disk, network, and clock device interrupts), and hardware random
generator output is collected, whitened with a crc and hash, then
periodically folded together with stream cipher inner-state and outer-
state to create a new inner state. Reads from all consumers (including
the kernel itself, which makes many requests per second) are sliced from
the same output stream, which carves the stream cipher output
unpredictably and helps improve forward and backtracking protection
beyond the strength of the stream cipher.
some discussion with djm. There may be more updates.
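
The data flow described in the log message, as an added toy model that is not OpenBSD's code and not a usable generator. It assumes SHA-256 in counter mode as a stand-in for the stream cipher and a plain hash for the fold step; `ToyRandom`, `consumer_view` and the seed value are hypothetical names and constructed data.

```python
import hashlib
import zlib

class ToyRandom:
    """Toy model of the flow in the log message; not a usable CSPRNG."""

    def __init__(self, boot_seed: bytes):
        # Entropy saved before the reboot becomes the initial inner state.
        self.inner = hashlib.sha256(b"boot" + boot_seed).digest()
        self.offset = 0                 # position in the shared output stream
        self.crc = 0                    # running CRC over collected events
        self.events = hashlib.sha512()  # hash over the whitened events

    def _stream(self, start: int, n: int) -> bytes:
        # Stand-in keystream (assumption): SHA-256 in counter mode.
        out, block, skip = bytearray(), start // 32, start % 32
        while len(out) < skip + n:
            out += hashlib.sha256(self.inner + block.to_bytes(8, "big")).digest()
            block += 1
        return bytes(out[skip:skip + n])

    def read(self, n: int) -> bytes:
        # Every consumer is served the next slice of the same stream.
        data = self._stream(self.offset, n)
        self.offset += n
        return data

    def collect(self, event: bytes) -> None:
        # Whiten interrupt / hardware samples with a CRC, then a hash.
        self.crc = zlib.crc32(event, self.crc)
        self.events.update(self.crc.to_bytes(4, "big"))

    def fold(self) -> None:
        # New inner state from old inner state, outer state and collected data.
        outer = self.read(32)
        mix = self.inner + outer + self.events.digest()
        self.inner = hashlib.sha256(mix).digest()
        self.offset = 0
        self.events = hashlib.sha512()

def consumer_view(kernel_reads: int, seed: bytes = b"constructed seed") -> bytes:
    """16 bytes one consumer sees after the kernel took 4-byte slices first."""
    rng = ToyRandom(seed)
    for _ in range(kernel_reads):
        rng.read(4)
    return rng.read(16)
```

What a consumer receives depends on how many other reads were sliced off before its own, and a fold replaces the inner state so later output no longer follows from the earlier stream.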