Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2005-03-25 at 17:33 +1100, Herbert Xu wrote:
> On Fri, Mar 25, 2005 at 09:34:19AM +0300, Evgeniy Polyakov wrote:
> >
> > Such hardware is used mostly in embedded world where SW crypto
> > processing
> > is too expensive, so users of such HW likely want to trust to 
> > theirs hardware and likely will turn in on.
> 
> That's fine.  All you need for these embedded users is a user-space
> daemon that feeds data from the hardware directly into /dev/random.
> No matter how small your system is, I'm sure you can spare a few
> hundred bytes for such a thing.
> 
> In fact most of these systems will have some sort of a general-purpose
> daemon that sits around which can perform such a task.
> 
> System calls on Linux are fast enough that there is really no
> advantage in doing this in the kernel.
> 
> But if you're really desparate, write a kernel module that does this
> in a kernel thread.

It is not only about userspace/kernelspace system calls and data
copying,
but about whole revalidation process, which can and is quite expensive,
due to system calls, copying and validating itself,
I even think that using userspace rng daemon is completely useless for 
crypto HW devices - it is faster to obtain entropy from interrupts, 
than revalidating it in that way.
And what about initial bootup? When system needs to create randoom
IP/dhcp/any ids? What about small router?
There are too many cases where userspace validation is just making
things worse.

-- 
        Evgeniy Polyakov

Crash is better than data corruption -- Arthur Grabowski

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux