Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2005-03-24 at 07:48 -0500, Jeff Garzik wrote:
> Evgeniy Polyakov wrote:
> > On Thu, 2005-03-24 at 14:27 +1000, David McCullough wrote:
> > 
> >>Hi all,
> >>
> >>Here is a small patch for 2.6.11 that adds a routine:
> >>
> >>	add_true_randomness(__u32 *buf, int nwords);
> >>
> >>so that true random number generator device drivers can add a entropy
> >>to the system.  Drivers that use this can be found in the latest release
> >>of ocf-linux,  an asynchronous crypto implementation for linux based on
> >>the *BSD Cryptographic Framework.
> >>
> >>	http://ocf-linux.sourceforge.net/
> >>
> >>Adding this can dramatically improve the performance of /dev/random on
> >>small embedded systems which do not generate much entropy.
> > 
> > 
> > People will not apply any kind of such changes.
> > Both OCF and acrypto already handle all RNG cases - no need for any kind
> > of userspace daemon or entropy (re)injection mechanism.
> > Anyone who want to use HW randomness may use OCF/acrypto mechanism.
> > For example here is patch to enable acrypto support for hw_random.c
> > It is very simple and support only upto 4 bytes request, of course it
> > is 
> > not interested for anyone, but it is only 2-minutes example:
> 
> If you want to add entropy to the kernel entropy pool from hardware RNG, 
> you should use the userland daemon, which detects non-random (broken) 
> hardware and provides throttling, so that RNG data collection does not 
> consume 100% CPU.
> 
> If you want to use the hardware RNG directly, it's simple:  just open 
> /dev/hw_random.
> 
> Hardware RNG should not go kernel->kernel without adding FIPS tests and 
> such.

hw_random can not and will not support HIFN, freescale, ixp and 
great majority of the existing and future HW crypto devices.
I mean that userspace daemon(or any other one) which want to contribute
entropy
should use crypto framwork to obtain all it's data, but not different
access methods for each separate driver.

> 	Jeff

-- 
        Evgeniy Polyakov

Crash is better than data corruption -- Arthur Grabowski

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux