Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)

From: Evgeniy Polyakov (johnpol_at_2ka.mipt.ru)
Date: 03/29/05

  • Next message: Herbert Xu: "Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)" 
    To: Herbert Xu <herbert@gondor.apana.org.au>
Date:	Tue, 29 Mar 2005 14:50:28 +0400

    On Tue, 2005-03-29 at 20:30 +1000, Herbert Xu wrote:
    > On Tue, Mar 29, 2005 at 12:21:04PM +0200, Pavel Machek wrote:
    > >
    > > What catastrophic consequences? Noone is likely to even *notice*, and
    > > it does not help practical attack at all. Unless hardware RNGs are
    > > *very* flakey (like, more flakey than harddrives), this is not a problem.
    >
    > The reason some people use hardware RNGs in the first place is because
    > they don't trust the software RNGs. When the hardware RNG fails but
    > continues to send data to /dev/random, /dev/random essentially degenerates
    > into a software RNG. Now granted /dev/random is a pretty good software
    > RNG, however, for some purposes it just isn't good enough.

    I think the most people use hardware accelerated devices to
    speed up theirs calculations - embedded world is the best example -
    applications that are written to use /dev/random
    will work just too slow, so hardware vendors
    place HW assistant chips to unload that very cpu-intencive work
    from main CPU.
    Without ability speed this up in kernel, we completely [ok, almost]
    loose all RNG advantages. 

    -- 
        Evgeniy Polyakov
Crash is better than data corruption -- Arthur Grabowski

    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  • Next message: Herbert Xu: "Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)"

    Relevant Pages

    • Re: [RFC] enhanced version of net_random()
      ... >> Keeping the number of PRNGs in the kernel to a minimum should a goal we can ... common, Linux supports hardware RNGs from AMD, Intel, and VIA. ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
      ... > The reason some people use hardware RNGs in the first place is because ... Interrupts are not totally unpredictable, either, yet noone runs FIPS ... they should do it all in userspace, probably off interrupt entropy ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: [RFC] enhanced version of net_random()
      ... > One problem is that AIUI, we incur this overhead even if a hardware RNG ... > common, Linux supports hardware RNGs from AMD, Intel, and VIA. ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
      ... The reason some people use hardware RNGs in the first place is because ... using data from the software RNG when the hardware has failed ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)