Re: [PATCH] API for true Random Number Generators to add entropy(2.6.11)

[Jeff Garzik]

Evgeniy Polyakov wrote:
> On Thu, 2005-03-24 at 15:56 -0500, Jeff Garzik wrote:
> > See the earlier discussion, when data validation was -removed- from the 
> > original Intel RNG driver, and moved to userspace.
>
> I'm not arguing against userspace validation, but if data produced
> _is_ cryptographically strong, why revalidate it again?

You cannot prove this without validating the data in software.

Otherwise, you are not handling the hardware-fault case.

It is foolish to presume that hardware always works correctly.  It is 
-very- foolish to presume this, in cryptography.


> And how HIFN driver can contribute entropy?

Use the current chrdev->rngd method.


> You may say, that hardware can be broken and thus produces 
> wrong data, but if user want, it can turn it on or off.

The user cannot know the data is bad unless it is constantly being 
validated.

	Jeff


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/