Re: [PATCH] API for true Random Number Generators to add entropy(2.6.11)

[Jeff Garzik]

Andi Kleen wrote:
> > We -used- to need data from RNG directly into the kernel randomness 
>
>
> Are you sure? I dont think there was ever code to do this in
> mainline. There might have been something in -ac*, but not mainline.

Yes, I am positive.  I wrote the code.  Look at the old Intel RNG driver 
code, before it grew AMD and VIA support, and became hw_random.


> > pool.  The consensus was that the FIPS testing should be moved to userspace.
>
>
> Consensus from whom? And who says the FIPS testing is useful anyways?

lkml.  Read the archives.

> I think you just need to trust the random generator, it is like
> you need to trust any other piece of hardware in your machine. Or do you 
> check regularly if you mov instruction still works? @)

Hardware RNGs -have- failed in the past.  And if you are going to credit 
entropy to the data -- a very big deal -- it damn well better be random 
data.  Otherwise failures cascade through the system.


> I think it is a trade off between easy to use and saving of 
> resources and overly paranoia. With an user space solution
> which near nobody uses currently (I am not aware of 
> any distribution that runs that daemon)

Debian does.

It's under-use is mainly because nobody has an RNG.


> it means most people wont have hardware supported randomness
> in their ssh, and I think that is a big drawback.

"big drawback" == 99% of users right now.

	Jeff


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/