On Sun, 4 Apr 2021, Greg A. Woods wrote:
At Sun, 4 Apr 2021 09:49:58 +0000, Taylor R Campbell <riastr...@netbsd.org>
wrote:
Your change _creates_ the lie that every bit of data entered this way
is drawn from a source with independent uniform distribution.
No, my change _allows_ the administrator to decide which devices can be
used as estimating/counting entropy sources. For example I know that
many of the devices on almost all of my machines (virtual or otherwise)
are equally good sources of entropy for their uses.
I think running the /dev/random bit-stream through some statistical
tests, (both on RDRAND/RDSEED-based and estimator-based as in your
patch) would be useful here.
Binary packages already have the dieharder RNG tester. Then, there
is John Walker's ent for PRNGs: https://fourmilab.ch/random/
NIST has some too, I believe (I can't locate them right now).
-RVP
PS. Is there a way to get the bit-stream from the various in-kernel
sources so that we can run them through these sort of tests? That
way we can check--not intuit--how random the bit-streams they
produce really are.