2 * Physically random numbers (very nearly uniform)
4 * Modified by Matt Blaze 7/95
7 * The authors of this software are Don Mitchell and Matt Blaze.
8 * Copyright (c) 1995 by AT&T.
9 * Permission to use, copy, and modify this software without fee
10 * is hereby granted, provided that this entire notice is included in
11 * all copies of any software which is or includes a copy or
12 * modification of this software and in all copies of the supporting
13 * documentation for such software.
15 * This software may be subject to United States export controls.
17 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTY. IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
19 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
20 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
24 * WARNING: depending on the particular platform, raw_truerand()
25 * output may be biased or correlated. In general, you can expect
26 * about 16 bits of "pseudo-entropy" out of each 32 bit word returned
27 * by truerand(), but it may not be uniformly diffused. You should
28 * therefore run the output through some post-whitening function
29 * (like MD5 or DES or whatever) before using it to generate key
30 * material. (RSAREF's random package does this for you when you feed
31 * raw_truerand() bits to the seed input function.)
33 * The application interface, for 8, 16, and 32 bit properly "whitened"
34 * random numbers, can be found in trand8(), trand16(), and trand32().
35 * Use those instead of calling raw_truerand() directly.
37 * The basic idea here is that between clock "skew" and various
38 * hard-to-predict OS event arrivals, counting a tight loop will yield
39 * a little (maybe a third of a bit or so) of "good" randomness per
40 * interval clock tick. This seems to work well even on unloaded
41 * machines. If there is a human operator at the machine, you should
42 * augment truerand with other measures, like keyboard event timing.
43 * On server machines (e.g., when you need to generate a
44 * Diffie-Hellman secret) truerand alone may be good enough.
46 * Test these assumptions on your own platform before fielding a
47 * system based on this software or these techniques.
49 * This software seems to work well (at 10 or so bits per
50 * raw_truerand() call) on a Sun Sparc-20 under SunOS 4.1.3 and on a
51 * P100 under BSDI 2.0. You're on your own elsewhere.
55 #include "t_defines.h"
/*
 * File-scope sampler state.
 *
 * count is the counter that the sampling code increments and then mixes;
 * it is declared volatile so every access goes to memory.
 * NOTE(review): if the SIGALRM handler reads or writes count, ISO C only
 * guarantees that for volatile sig_atomic_t objects -- confirm that plain
 * unsigned is safe on the target platform.
 */
66 static unsigned volatile count
/*
 * ocount is XORed into count during mixing; presumably it holds the previous
 * round's value, but its assignment is not shown in this listing.
 */
72 static unsigned ocount
;
/*
 * buffer accumulates the mixed samples: each round shifts it left by 3 bits
 * and XORs count into it.
 */
73 static unsigned buffer
;
/*
 * Arm a one-shot real-time interval timer.
 *
 * it_interval is zero, so the timer does not reload after it fires, and
 * it_value is 16665 microseconds (roughly 1/60 s). ITIMER_REAL expiry is
 * delivered to the process as SIGALRM. The previous timer setting is
 * written to oit.
 *
 * NOTE(review): this replaces any ITIMER_REAL timer (or alarm()) the host
 * process had pending; whether oit is ever restored is not visible in this
 * listing.
 */
78 struct itimerval it
, oit
;
80 it
.it_interval
.tv_sec
= 0;
81 it
.it_interval
.tv_usec
= 0;
82 it
.it_value
.tv_sec
= 0;
83 it
.it_value
.tv_usec
= 16665;
/*
 * setitimer() returns a negative value on failure; the statement guarded by
 * this test is not shown in this listing. If the timer is never armed, no
 * tick arrives to end the sampling interval, so the failure path matters.
 */
84 if (setitimer(ITIMER_REAL
, &it
, &oit
) < 0)
/*
 * Install interrupt as the SIGALRM handler. The (void) cast discards
 * signal()'s return value, so a SIG_ERR failure goes unnoticed here.
 * NOTE(review): signal() handler-reset semantics differ between platforms;
 * sigaction() gives defined behaviour if this code is ported.
 */
100 (void) signal(SIGALRM
, interrupt
);
/*
 * Mixing step: fold the higher bits of the loop counter down onto the low
 * bits (count>>3, count>>6) and XOR in ocount.
 */
109 count
^= (count
>>3) ^ (count
>>6) ^ ocount
;
/*
 * Shift the accumulator left by 3 bits and XOR in the mixed counter.
 * (The listing skips lines between the statement above and this one.)
 * This is raw output: the file header warns that it may be biased or
 * correlated and must be whitened before it is used for key material.
 * The header's MD5/DES examples date from 1995; use a current
 * cryptographic hash, or prefer the operating system's CSPRNG.
 */
112 buffer
= (buffer
<<3) ^ count
;
/*
 * (Re)install interrupt as the SIGALRM handler before sampling; the return
 * value of signal() is discarded, so a failure to install is not detected.
 */
118 (void) signal(SIGALRM
, interrupt
);
/*
 * Counter increment. NOTE(review): the enclosing loop is not shown in this
 * listing; presumably this is the tight counting loop that the file header
 * describes, ended by the SIGALRM tick -- confirm against the full source.
 * The rate in the original comment below is the authors' figure for a
 * VAX 11/780; the count reached per tick, and so the entropy estimate,
 * is platform-dependent, as the header warns.
 */
126 count
++; /* about 1 MHz on VAX 11/780 */
/*
 * Mixing step after the counting interval: XOR count with itself shifted
 * right by 3 and by 6, and with ocount, so higher counter bits influence
 * the low bits.
 */
128 count
^= (count
>>3) ^ (count
>>6) ^ ocount
;
/*
 * Append this round to the accumulator: shift buffer left by 3 bits and XOR
 * in count. (The listing skips lines between the statement above and this
 * one.) The result is unwhitened; per the file header, callers should use
 * the whitened trand8()/trand16()/trand32() interface instead of consuming
 * this value directly.
 */
131 buffer
= (buffer
<<3) ^ count
;