Hi,
I have an idea: I have a couple of linux-systems running in a intranet which
is not connected to do outside world in any way. Since they're only used for
calculations for which there is no harm if anyone would tamper with them,
security is not neccessary. The only thing important, is performance. Huge
amounts of data must be transferred inbetween these boxes.
So, I was wondering: isn't it a nice idea to have a switch in the
configuration menu to disable entropy-gathering in the interrupt-routines,
have some simplistic routine (like x'=(x * m + a) % p) which returns a non-
cryptographic value, and something similar symplistic for the network-
traffic routines?
Thank you.
Folkert van Heusden
[ http://www.vanheusden.com ]
Do you think it worth an effort ?
--
Andrey Panin | Embedded systems software engineer
[email protected] | PGP key: http://www.orbita1.ru/~pazke/AndreyPanin.asc
AP> Do you think it worth an effort ?
One could ask this question for all optimalisations.
In fact; for every project.
On Tue, Apr 10, 2001 at 02:35:52PM +0200, Heusden, Folkert van wrote:
> Hi,
>
> I have an idea: I have a couple of linux-systems running in a intranet which
> is not connected to do outside world in any way. Since they're only used for
> calculations for which there is no harm if anyone would tamper with them,
> security is not neccessary. The only thing important, is performance. Huge
> amounts of data must be transferred inbetween these boxes.
> So, I was wondering: isn't it a nice idea to have a switch in the
> configuration menu to disable entropy-gathering in the interrupt-routines,
> have some simplistic routine (like x'=(x * m + a) % p) which returns a non-
> cryptographic value, and something similar symplistic for the network-
> traffic routines?
Have you already tried to measure how much impact has entropy
gathering on the overall performances? Something like the Linux Trace
Toolkit (http://www.opersys.com/LTT/) could be of help here.
I doubt such optimization is useful to the mainstream kernel tree,
but it would be interesting to compare numbers nonetheless.
Ciao,
Andrea Glorioso
On Tue, Apr 10, 2001 at 02:35:52PM +0200, Heusden, Folkert van wrote:
> So, I was wondering: isn't it a nice idea to have a switch in the
> configuration menu to disable entropy-gathering in the interrupt-routines,
> have some simplistic routine (like x'=(x * m + a) % p) which returns a non-
> cryptographic value, and something similar symplistic for the network-
> traffic routines?
No, that's a very bad idea. If you think it's a problem, just remove
the random driver altogether. It's much better for something to get
ENXIO rather than thinking it's getting real randomness.
You can still get TCP sequence numbers by sampling the cycle counter or
something.
J