On Fri, 2005-03-25 at 17:33 +1100, Herbert Xu wrote:
> On Fri, Mar 25, 2005 at 09:34:19AM +0300, Evgeniy Polyakov wrote:
> >
> > Such hardware is used mostly in embedded world where SW crypto
> > processing
> > is too expensive, so users of such HW likely want to trust to
> > theirs hardware and likely will turn in on.
>
> That's fine. All you need for these embedded users is a user-space
> daemon that feeds data from the hardware directly into /dev/random.
> No matter how small your system is, I'm sure you can spare a few
> hundred bytes for such a thing.
>
> In fact most of these systems will have some sort of a general-purpose
> daemon that sits around which can perform such a task.
>
> System calls on Linux are fast enough that there is really no
> advantage in doing this in the kernel.
>
> But if you're really desparate, write a kernel module that does this
> in a kernel thread.
It is not only about userspace/kernelspace system calls and data
copying,
but about whole revalidation process, which can and is quite expensive,
due to system calls, copying and validating itself,
I even think that using userspace rng daemon is completely useless for
crypto HW devices - it is faster to obtain entropy from interrupts,
than revalidating it in that way.
And what about initial bootup? When system needs to create randoom
IP/dhcp/any ids? What about small router?
There are too many cases where userspace validation is just making
things worse.
--
Evgeniy Polyakov
Crash is better than data corruption -- Arthur Grabowski
Attachment:
signature.asc
Description: This is a digitally signed message part
- Follow-Ups:
- References:
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: David McCullough <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Evgeniy Polyakov <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Jeff Garzik <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Evgeniy Polyakov <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Jeff Garzik <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Evgeniy Polyakov <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Jeff Garzik <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Evgeniy Polyakov <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Herbert Xu <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Evgeniy Polyakov <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- From: Herbert Xu <[email protected]>
- Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- Prev by Date: Re: 2.6.12-rc1-mm2
- Next by Date: Re: Disc driver is module, software suspend fails
- Previous by thread: Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- Next by thread: Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
- Index(es):
 |