Merge #15224: Add RNG strengthening (10ms once every minute)

3cb9ce85d0 Document strenghtening (Pieter Wuille) 1d207bc46f Add hash strengthening to the RNG (Pieter Wuille) Pull request description: This patch improves the built-in RNG using hash strengthening. At startup, and once every minute, 32 bytes of entropy are produced from the RNG, repeatedly hashed using SHA512 for 10ms, and then fed back into the RNG, together with high-precision timestamps obtained every 1000 iterations. ACKs for commit 3cb9ce: pstratem: utACK 3cb9ce85d0 Tree-SHA512: 4fb6f61639b392697beb81c5f0903f79f10dd1087bed7f34de2abb5c22704a671e37b2d828ed141492491863efb1e7d1fa04408a1d32c9de2f2cc8ac406bbe57
2025-11-10 22:18:54 +01:00 · 2019-05-18 10:01:21 +02:00
parent c89a63412e 3cb9ce85d0
commit 82b64a5a81
2 changed files with 56 additions and 4 deletions
--- a/src/random.h
+++ b/src/random.h
@@ -43,6 +43,7 @@
 * - RandAddSeedSleep() seeds everything that fast seeding includes, but additionally:
 *   - A high-precision timestamp before and after sleeping 1ms.
 *   - (On Windows) Once every 10 minutes, performance monitoring data from the OS.
+ -   - Once every minute, strengthen the entropy for 10 ms using repeated SHA512.
 *   These just exploit the fact the system is idle to improve the quality of the RNG
 *   slightly.
 *
@@ -51,6 +52,7 @@
 * - 256 bits from the hardware RNG (rdseed or rdrand) when available.
 * - (On Windows) Performance monitoring data from the OS.
 * - (On Windows) Through OpenSSL, the screen contents.
+ * - Strengthen the entropy for 100 ms using repeated SHA512.
 *
 * When mixing in new entropy, H = SHA512(entropy || old_rng_state) is computed, and
 * (up to) the first 32 bytes of H are produced as output, while the last 32 bytes