Re: Intel 810 Random Number Generator

• Next message: James A Simmons: "Re: Framebuffer & 2.3.39"
• Previous message: Jesse Pollard: "Re: SMP"
• In reply to: Sandy Harris: "Re: Intel 810 Random Number Generator"
• Next in thread: Pavel Machek: "Re: Intel 810 Random Number Generator"
• Reply: Pavel Machek: "Re: Intel 810 Random Number Generator"
• Reply: Frank v Waveren: "Re: Intel 810 Random Number Generator"
• Reply: Jeremy Fitzhardinge: "Re: Intel 810 Random Number Generator"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sandy Harris wrote:
>
> Jeff Garzik wrote:
>
> > Is it feasible to offer a compile-time option which simply replaces
> > /dev/random?
>
> Methinks that would be an error. You'd be trusting the RNG too much.
> Use it as an input to /dev/random by all means, but not as a
> replacement.

Either you trust RNG or you don't. There is no middle ground.

If you do not trust RNG, then using it as a /dev/random entropy source
is pointless. Why introduce theoretically non-random entropy to the
/dev/random pool?

If you trust RNG, there is no reason why you couldn't use it for all
your /dev/random data.

HOWEVER -- that being said, I am thinking more and more that using RNG
simply as an additional source for entropy is the best method, because
that allows it to be seamlessly integrated into the existing /dev/random
system, while also being easily disabled with "echo 0 > /proc/sys/rng"
or similar.

> There are lots of non-Intel CPUs out there, and Intel chipsets
> without the RNG. How do you ensure no one will ever compile with the
> wrong switches, or that the system remains secure if they do?

This is a trivial problem.
If the kernel is compiled without RNG support, the current state of the
world exists.
If the kernel is compiled with RNG support and the mobo also supports
RNG, then driver will detect that.
If the kernel is compiled with RNG support and the mobo doesn't support
RNG, then the driver can easily detect that condition too.

> I'm not sure we are on publication and analysis of the design, which
> is essential before it can be trusted for security-critical functions.

One's trust of Intel is a non-technical issue ;)

Testing is pretty much the holy grail here...

Intel's RNG is the first large-scale hardware encryption[-related]
device to make it into the hands of a lot of PC users... but you can bet
there will be more down the road. These issues will be popping up again
and again.

        Jeff

-- 
Jeff Garzik         | Andre the Giant has a posse.
Building 1024       |
MandrakeSoft, Inc.  |
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: James A Simmons: "Re: Framebuffer & 2.3.39"
• Previous message: Jesse Pollard: "Re: SMP"
• In reply to: Sandy Harris: "Re: Intel 810 Random Number Generator"
• Next in thread: Pavel Machek: "Re: Intel 810 Random Number Generator"
• Reply: Pavel Machek: "Re: Intel 810 Random Number Generator"
• Reply: Frank v Waveren: "Re: Intel 810 Random Number Generator"
• Reply: Jeremy Fitzhardinge: "Re: Intel 810 Random Number Generator"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:12 EST