Re: [RFC] frandom - fast random generator module

From: Matt Mackall
Date: Thu Oct 16 2003 - 12:46:38 EST

Next message: David Mosberger-Tang: "Re: [RFC] frandom - fast random generator module"
Previous message: Andrea Arcangeli: "Re: Transparent compression in the FS"
In reply to: David Wagner: "Re: [RFC] frandom - fast random generator module"
Next in thread: Andreas Dilger: "Re: [RFC] frandom - fast random generator module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 16, 2003 at 10:20:20AM -0600, Andreas Dilger wrote:
> On Oct 16, 2003 07:29 -0400, Jeff Garzik wrote:
> > Eli Billauer wrote:
> > > I suppose you're asking why having a /dev/frandom device at all. Why not
> > > let everyone write their own little random generator (based upon
> > > well-known C functions) whenever random data is needed.
> > >
> > > There are plenty of handy things in the kernel, that could be done in
> > > userspace. /dev/zero is my favourite example, but I'm sure there are
> > > other cases where things were put in the kernel simply because people
> > > found them handy. Which is a good reason, if you ask me.
> >
> > This is completely bogus logic. I can use this (incorrect) argument to
> > similar push for applications doing bsearch(3) or qsort(3) via a system
> > call.
> >
> > When the _implementation_ requires that a piece of code be in-kernel
> > (for performance or security, usually), it is.
>
> Actually, there are several applications of low-cost RNG inside the kernel.
>
> For Lustre we need a low-cost RNG for generating opaque 64-bit handles in
> the kernel. The use of get_random_bytes() showed up near the top of
> our profiles and we had to invent our own low-cost crappy PRNG instead (it's
> good enough for the time being, but when we start working on real security
> it won't be enough).

Is this SMP? If so, how many processors? I wonder if you might be
running into some lock contention in the pool entropy transfer -
there's a lock held while mixing new samples into a given pool that
could potentially be a hit.

Beyond that, there are a couple small multiples that can be squeezed
out of the extraction path for a total of 5-10x.

> The tcp sequence numbers probably do not need to be crypto-secure (I could
> of course be wrong on that ;-)

Indeed you are.

--
Matt Mackall : http://www.selenic.com : Linux development and consulting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Mosberger-Tang: "Re: [RFC] frandom - fast random generator module"
Previous message: Andrea Arcangeli: "Re: Transparent compression in the FS"
In reply to: David Wagner: "Re: [RFC] frandom - fast random generator module"
Next in thread: Andreas Dilger: "Re: [RFC] frandom - fast random generator module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]