Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Herbert Xu wrote:

You missed the point.  This has nothing to do with the crypto API.
Jeff is saying that if this is disabled by default, then only a few
users will enable it and therefore use this API.

Since we can't afford to enable it by default as hardware RNG may
fail which can lead to catastrophic consequences, there is no point
for this API at all.

Wait a minute, if it fails the system drops back to software, which is not as good in a pedantic analysis, but perhaps falls a good bit short of "catastrophic consequences" as most people would characterize that phrase. And more to the point, now that many CPUs and chipsets are the RNG of choice, what is the actual probability of a failure of the RNG leaving a functional system (that's a real question seeking response from someone who has some actual data).

It would be desirable for the kernel to detect a failure and do something appropriate, but I have to feel that if an RNG is in the CPU or chipset, it would serve users better to use it. By default. People who need quality entropy would be better served by a hardware source, and people who don't (or fail to realize they do) would not be hurt by use of better numbers.

I'm not sure you would get people to agree what should be done if a hardware RNG fails, other than make the failure information available to user space.

--
   -bill davidsen ([email protected])
"The secret to procrastination is to put things off until the
 last possible moment - but no longer"  -me
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux