On 20/02/2015 12:24, Fredrik Pettai wrote:
> Are there any (continuous) selftests performed on the data that comes out of fast/strong? pkgsrc/security/ent exists, and gives some analyses. I noted that someone ported rngtest (from debian’s rngtools) to FreeBSD https://github.com/waitman/rngtest (but I don’t know if it compiles/works on NetBSD)
Yes for cprng_strong, but this gets tested at kernel level, not from userland. cprng_fast is self-tested upon init with chacha20 test vectors. hw RNGs are tested only upon attachment.
These tests are statistical though and can fail. They only catch bugs at code level (like someone patched the code and it starts outputting streams of nulls...), but they cannot ensure that the output is truly random or not. This is a property expected from the stream cipher and it cannot ensure that the PRNG is a "true" RNG.
Userland testing has limited functionality too: the CPRNG states are not shared between kernel/userland and between processes. So results you might obtain from a binary that tests random, urandom are not immediately applicable to the rest of the system... except in case of a catastrophic failure in kernel code of course.
-- Jean-Yves Migeon
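
The limit described in the message above, as an added example that is not part of the original message or of NetBSD's code: two of the FIPS 140-2 block checks (monobit and long run, the family of tests rngtest applies) reject a stream of nulls but accept a fully predictable byte counter. The function names and both sample streams are constructed for this illustration.

```python
# Added example: two FIPS 140-2 statistical checks (monobit, long run)
# applied to one 20,000-bit block. Both sample streams are constructed.
BLOCK_BYTES = 2500  # 20,000 bits per FIPS 140-2 block


def monobit_ones(block: bytes) -> int:
    """Number of 1 bits in the block."""
    return sum(bin(b).count("1") for b in block)


def longest_run(block: bytes) -> int:
    """Length of the longest run of identical consecutive bits."""
    bits = "".join(f"{b:08b}" for b in block)
    best = cur = 1
    for prev, bit in zip(bits, bits[1:]):
        cur = cur + 1 if bit == prev else 1
        best = max(best, cur)
    return best


def fips_check(block: bytes) -> dict:
    """Run both checks with the FIPS 140-2 thresholds."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("need exactly 2500 bytes")
    ones = monobit_ones(block)
    run = longest_run(block)
    return {
        "ones": ones,
        "longest_run": run,
        "monobit_ok": 9725 < ones < 10275,  # roughly half the bits set
        "long_run_ok": run < 26,            # no run of 26 or more bits
    }


def null_stream() -> bytes:
    """Constructed failure case: a generator stuck on zero bytes."""
    return bytes(BLOCK_BYTES)


def counter_stream() -> bytes:
    """Constructed predictable case: 0, 1, 2, ..., 255, 0, 1, ..."""
    return bytes(i % 256 for i in range(BLOCK_BYTES))


if __name__ == "__main__":
    for name, stream in (("nulls", null_stream()), ("counter", counter_stream())):
        print(name, fips_check(stream))
```

The counter passes both checks although every byte is known in advance, which is why a passing result says nothing about unpredictability.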