Re: Continuing /dev/random problems with 2.4

Jeff Garzik (garzik@havoc.gtf.org)
Fri, 1 Feb 2002 15:28:29 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeff Garzik: "Re: Continuing /dev/random problems with 2.4"
Previous message: H. Peter Anvin: "Re: Continuing /dev/random problems with 2.4"

On Fri, Feb 01, 2002 at 12:12:37PM -0800, H. Peter Anvin wrote:
> Andreas Dilger wrote:
> > Maybe, i8XX hardware RNG should feed the /dev/random entropy pool
> > directly if you enable the chipset support (with an option to turn
> > it off if you want to use the user-space tools or a separate RNG),
> > so that people get the benefits of the h/w RNG without having to
> > install another tool (which they won't know about)?

> "Let's put it in the kernel because people are too stupid to install it
> otherwise"?

There actually used to be a timer function in i810_rng driver which
directly added entropy to the pool. batch_entropy_store was exported in
order to do this.

However, that was just the quick and dirty way. You DO NOT want to do
this in the kernel, because one must perform fitness tests on the random
data before adding it to the kernel's /dev/[u]random entropy pool.
Putting proper fitness tests into the kernel is just plain code bloat.

Therefore, RNG drivers -must- deal with a userspace agent in order to be
properly used, and properly secure.

The userspace tools for i810 RNG specifically are available at the
website URL mentioned in the source code. So if somebody cannot find
them, feel free to laugh.

Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Garzik: "Re: Continuing /dev/random problems with 2.4"
Previous message: H. Peter Anvin: "Re: Continuing /dev/random problems with 2.4"