diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2019-05-18 10:01:21 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2019-05-18 10:01:54 +0200 |
commit | 82b64a5a8102eba2dfa3624247720a1c40f6ae8c (patch) | |
tree | 7dfacfea67033416f60784885ba00ce6c017f41c /src/random.h | |
parent | c89a63412e8549e9e2e13a09afefbe17babb50d5 (diff) | |
parent | 3cb9ce85d0c6d01217babf0df7efc2eabde1b12f (diff) |
Merge #15224: Add RNG strengthening (10ms once every minute)
3cb9ce85d0c6d01217babf0df7efc2eabde1b12f Document strenghtening (Pieter Wuille)
1d207bc46f995ad3b5ae89bb504affaca09d10b1 Add hash strengthening to the RNG (Pieter Wuille)
Pull request description:
This patch improves the built-in RNG using hash strengthening.
At startup, and once every minute, 32 bytes of entropy are produced from the RNG, repeatedly hashed using SHA512 for 10ms, and then fed back into the RNG, together with high-precision timestamps obtained every 1000 iterations.
ACKs for commit 3cb9ce:
pstratem:
utACK 3cb9ce85d0c6d01217babf0df7efc2eabde1b12f
Tree-SHA512: 4fb6f61639b392697beb81c5f0903f79f10dd1087bed7f34de2abb5c22704a671e37b2d828ed141492491863efb1e7d1fa04408a1d32c9de2f2cc8ac406bbe57
Diffstat (limited to 'src/random.h')
-rw-r--r-- | src/random.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/random.h b/src/random.h index 2f9c0f5a36..75d037738d 100644 --- a/src/random.h +++ b/src/random.h @@ -43,6 +43,7 @@ * - RandAddSeedSleep() seeds everything that fast seeding includes, but additionally: * - A high-precision timestamp before and after sleeping 1ms. * - (On Windows) Once every 10 minutes, performance monitoring data from the OS. + - - Once every minute, strengthen the entropy for 10 ms using repeated SHA512. * These just exploit the fact the system is idle to improve the quality of the RNG * slightly. * @@ -51,6 +52,7 @@ * - 256 bits from the hardware RNG (rdseed or rdrand) when available. * - (On Windows) Performance monitoring data from the OS. * - (On Windows) Through OpenSSL, the screen contents. + * - Strengthen the entropy for 100 ms using repeated SHA512. * * When mixing in new entropy, H = SHA512(entropy || old_rng_state) is computed, and * (up to) the first 32 bytes of H are produced as output, while the last 32 bytes |