[talk] FreeBSD RNG issue on -current only

Tue Feb 17 22:26:19 EST 2015

Isaac (.ike) Levy:
> On 02/17/15 21:00, George Rosamond wrote:
>> Isaac (.ike) Levy:
>>>
>>> On February 17, 2015 03:12:24 pm EST, "George Rosamond"
>>> <george at ceetonetechnology.com> wrote:
>>>
>>>> Mark Saad:
>>>>>
>>>>>
>>>>> On 02/17/15 13:28, Brian Callahan wrote:
>>>>>> Just in case anyone is running a recent FreeBSD -current:
>>>>>> https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054581.html
>>>>>>
>>>>>>
>>>>>
>>>>> They also had to create keys in that said version. This also
>>>>> doesn't not
>>>>> effect any release.
>>>>
>>>> Yes, it's current and all, and that should be made clear, but
>>>> nevertheless it's disturbing.
>>>>
>>>> Isn't there some automated way to check and recheck entropy from
>>>> output,
>>>> instead of solely relying on the code?  Obviously, it couldn't find
>>>> highly unlikely collisions, etc., but at least discover the most ugly
>>>> instances?  Yes.. probably would require a lot of CPU...
>>>>
>>>> g
>>>
>>> I'm by no means an authority- but wouldn't testing using a tool like
>>> ent(8) do the job, crudely even?
>>>
>>> http://www.fourmilab.ch/random/
>>
>> That's a cool tool... don't know why I hadn't seen it before.
>>
>> Anyone use it before?
>>
>> Seems useful for testing password entropy, at least.
>>
>> g
> 
> I first found it in a Calomel article,
> 
> https://calomel.org/entropy_random_number_generators.html
> 
> (I hear Bcallah loves these guys? ;)
> 
> Anyhow, fun article- but I'm no authority, and RNG is obviously a
> serious topic- so I don't want to pretend to suggest this as though it's
> an authoritative resource.

diehard and dieharder are both in FreeBSD ports.  OpenBSD has the ent
package.

I'm playing with them now... anyone have previous experience with them?

Outside of testing RNG output, I can see using these to really test the
entropy of passwds, as opposed to relying on those wonderfully useless
online passwd tests.

g