Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andi Kleen wrote:
We -used- to need data from RNG directly into the kernel randomness


Are you sure? I dont think there was ever code to do this in
mainline. There might have been something in -ac*, but not mainline.

Yes, I am positive. I wrote the code. Look at the old Intel RNG driver code, before it grew AMD and VIA support, and became hw_random.


pool.  The consensus was that the FIPS testing should be moved to userspace.


Consensus from whom? And who says the FIPS testing is useful anyways?

lkml.  Read the archives.

I think you just need to trust the random generator, it is like
you need to trust any other piece of hardware in your machine. Or do you check regularly if you mov instruction still works? @)

Hardware RNGs -have- failed in the past. And if you are going to credit entropy to the data -- a very big deal -- it damn well better be random data. Otherwise failures cascade through the system.


I think it is a trade off between easy to use and saving of resources and overly paranoia. With an user space solution which near nobody uses currently (I am not aware of any distribution that runs that daemon)

Debian does.

It's under-use is mainly because nobody has an RNG.


it means most people wont have hardware supported randomness
in their ssh, and I think that is a big drawback.

"big drawback" == 99% of users right now.

	Jeff


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux