On Mar 29, 2005, at 17:02, Bill Davidsen wrote:
Wait a minute, if it fails the system drops back to software,
Does it? It would seem that if it fails and begins returning
all zeroes, then the seed function would (depending on the
implementation) be called like this:
add_random_bytes("\0\0\0\0".... , 4096);
add_random_bytes("\0\0\0\0".... , 4096);
[...]
Or:
add_random_bytes("\0\0\0\0".... , 4096);
add_random_bytes(soft_random() , 64);
add_random_bytes("\0\0\0\0".... , 4096);
add_random_bytes(soft_random() , 64);
[...]
In either case, it's very bad, and will likely return cause
some _very_ predictable data to be emitted.
I'm not sure you would get people to agree what should be
done if a hardware RNG fails, other than make the failure
information available to user space.
How do you know if it fails? You know when your disk fails
and begins giving bad data because the filesystem detects
that the data is invalid, but how do you tell when your
random number generator starts giving bad data? AFAIK, the
only way to do that is to continuously monitor the random
data produced and _immediately_ stop the data flow when
you start getting bad data. That should only be done from
a userspace rngd-type daemon.
Cheers,
Kyle Moffett
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM/CS/IT/U d- s++: a18 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r
!y?(-)
------END GEEK CODE BLOCK------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
