rnd.4 - OpenGrok cross reference for /netbsd-src/share/man/man4/rnd.4

Lines Matching +full:no +full:- +full:seed
3 .\" Copyright (c) 2014-2020 The NetBSD Foundation, Inc.
21 .\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
120 .Bl -bullet -offset abcd
132 means a single read, no matter how short it is.
145 The observations are combined into a seed for a cryptographic
156 analyzed as the -log_2 of the highest probability of any outcome,
158 .Em min-entropy ,
164 .Bl -bullet -offset indent -compact
168 A fair (six-sided) die roll has a little over 2.5 bits of entropy.
192 min-entropy, including the more well-known Shannon entropy, but they
220 ports support a command to load a seed from disk before the
250 generation which has no side channel to an attacker other than the
260 No amount of scrutiny by the system's operator could detect this.
278 to the super-user and should be used with caution.
282 .Bd -literal
301 #define	RND_TYPE_MAX		/* value of highest-numbered type */
312 .Bl -tag -width abcd
316 .Bd -literal
336 .Bd -literal
351 .Bd -literal
373 .Bd -literal
393 .Bd -literal
396 	uint32_t threshold;	/* no. bytes of pool hash returned */
398 	uint32_t added;		/* no. bits of entropy ever added */
400 	uint32_t discarded;	/* no. bits dropped when pool full */
401 	uint32_t generated;	/* no. bits yielded by pool while
415 .Bl -tag -width abcd
419 If disabled, no new data can be entered into the entropy pool, whether
435 never guess the 256-bit secret in a Keccak sponge no matter how much
440 .Dl # sysctl -w kern.entropy.consolidate=1
442 causes the system to consolidate pending entropy from per-CPU pools
446 The following read-only
450 .Bl -tag -width abcd
458 Number of bits of entropy pending in per-CPU pools.
464 The following read-only
467 .Bl -tag -width abcd
472 .Bl -dash -compact
489 Initially set to 2^32 \- 1
490 .Pq i.e., Li "(unsigned)\-1"
492 2^32 \- 1.
502 It may be out-of-date by the time you read it, and nothing in here
510 a collection of per-CPU Keccak sponges called
517 When the estimate of entropy pending among the per-CPU entropy pools
518 reaches a threshold of 256 bits, the entropy is drawn from the per-CPU
524 and the in-kernel
542 .Dl # sysctl -w kern.entropy.consolidate=1
556 are served by a persistent per-CPU Hash_DRBG instance that is
579 .Bl -tag -width ".Pa /dev/urandom" -compact
593 .Bl -diag -offset indent
602 This message is rate-limited to happen no more often than once per
611 seed from the bootloader to diagnose saving and loading seeds on disk:
612 .Bl -diag -offset indent
613 .It entropy: entering seed from bootloader with N bits of entropy
614 The bootloader provided an entropy seed to the kernel, which recorded
616 .It entropy: no seed from bootloader
617 The bootloader did not provide an entropy seed to the kernel before
625 .It entropy: invalid seed length N, expected sizeof(rndsave_t) = M
626 The bootloader provided an entropy seed of the wrong size to the
630 The seed will be ignored.
631 .It entropy: invalid seed checksum
632 The entropy seed provided by the bootloader was malformed.
633 The seed will be entered into the entropy pool, but it will be
634 considered to contribute no entropy.
635 .It entropy: double-seeded by bootloader
636 A buggy bootloader tried to provide an entropy seed more than once to
639 be considered to contribute no entropy.
642 non-confident sources of entropy for the first time to unblock
644 but it may not have full entropy from a seed or hardware random number
664 .%O NIST Special Publication 800-90A, Revision 1
665 .%U https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final
678 .%O NIST Special Publication 800-90B
679 .%U https://csrc.nist.gov/publications/detail/sp/800-90b/final
684 .%D 2014-02-05
685 .%U http://blog.cr.yp.to/20140205-entropy.html
696 .%P 205-220
697 .%U https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger
717 .An -nosplit
733 Unfortunately, no amount of software engineering can fix that.