Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp936642imm; Wed, 18 Jul 2018 13:24:05 -0700 (PDT) X-Google-Smtp-Source: AAOMgpd5t+iw4/NK0CVCsSVE5PFHZLHwQEt5SGi4P/ozlypCmFXbt6gY9E/ms4mZyTmsyoioklEt X-Received: by 2002:a17:902:1682:: with SMTP id h2-v6mr7206398plh.327.1531945445456; Wed, 18 Jul 2018 13:24:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531945445; cv=none; d=google.com; s=arc-20160816; b=OvxLa4bCD2H0j+mXi+PFwcHXyleeS4ABsn2pj90Gi0bUc9snu9EZqnGvsP1iSKe2eh YGKJjb8HZV9+qMQDJKIje45pNKgjovYvHBJa2ozE7kQMXVO4BbvIpIRrlPiYDW4/eyKW eWUWKJ/oo+XUlkUHLPdCsi/dusx3/BymqXG8DxIP6ANNRJ/7LQupnTUqKnn2oRU2IyvC YLr8RMXzw2I4/L+J9cmFMW5OUm0l1f5S8Zn8oTQnQNGJfjqel4AFt8rMQ8BOzGlP9aFc nYTjuaResjR3OvQaJhBTA8LGr7Tb+Hj1jpCMU82DEGbeI4VuC9eRvFuU6O2AAOw3P900 8lZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=gQt6XCMG+saLSmoFZPV5sQiwJFTqff0BNTC7bL0hgZ0=; b=G6jmVT9Iqbmrhe0xxTT52zltCHyjsq7QEjv7wUAhMUdTlkSM9LnEIwAtzBilEIX+30 vBu6/4HnXywk+BDppeYFCxUFEDn4oLbBp/IeHZUsrORBCQK12R0FX7Gj5/v3dVaLUsyO SPvOxcJhCGR98zxaV0oV9usqr+B/GtlYy+KtsEdc4jgmdflsUGY978NBFnomhoVXsKf1 ua2VnOLWpfnzRa6jhoqWTYwtPIf5isvBxaS1L5lMxXKekqDyDNfs+R1xuCB0nA1MYD6b TDfO9nvh9gbQaBR6uaQH5OSvL86oFXjPwGzlPnDGcYxnQi4T1ydYfUGb5Nx2KwkCyueE 2yNw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SqxmGABr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l26-v6si4073881pfj.188.2018.07.18.13.23.50; Wed, 18 Jul 2018 13:24:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SqxmGABr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730567AbeGRVCJ (ORCPT + 99 others); Wed, 18 Jul 2018 17:02:09 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:34502 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729742AbeGRVCJ (ORCPT ); Wed, 18 Jul 2018 17:02:09 -0400 Received: by mail-wr1-f67.google.com with SMTP id c13-v6so5902234wrt.1; Wed, 18 Jul 2018 13:22:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=gQt6XCMG+saLSmoFZPV5sQiwJFTqff0BNTC7bL0hgZ0=; b=SqxmGABrANXnVqdb9QAB+mVkFYf6c/UIJI50hGE+Rvb0VzlzYXK27DBKfBUNWmKZbW /O+2QYGa941FXVoyzEntoUCdfFh5pT4KyqeBW04jaADdl/PTTiFVmLzaALXJ6OBv7Fd8 /LYn6wvWFNQ1tzNMwNPViKVL6BBintiBWV01Mxmuv2JB1UOJKK/1YrL5gUq/aAo7PKcg fxznMFPiKFn3cK0TtqvrCIasw1QRzFWZQXDaPCzL+IYOjxle45HW6+gDQEuAIjZnNedy 2Sh9agWVvssb99BmR2WiuZ1HO4JLQH4KOzZkgomgV7FFEUm02JmhN171B2ofDZiYATcB kooQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=gQt6XCMG+saLSmoFZPV5sQiwJFTqff0BNTC7bL0hgZ0=; b=mTlectL3YnT8sjhbRc34VUVhcJL/qpDmneYAQduIN67fHCPCiVd6nXs7z19gtSp+Z9 iAayOpcLyjHbf9A2NuQJvvAIwUbwN+4yhH4XJ5kbyzU2Q7pl3cMU39CMJSfyKJ9mdtPX t7SlocZWyJzmltdl18SfOf0sUEzj+8gCx3WktTVJTrkw9k1bP53qsgDeZ6uqvJv772Zs ddpBCgIM6oD5gxPA6ND4J/Pr5Nlab4vHZdM0+1e+ocUmQesHOggEdAIZfsSWaOWJ9n14 Lc5K19znzyjj2PLdsgdGW24I/0LFqCI5FwwmQ0/TCDIzqGhT5JYFbk31Te1c6iKe+D7O 79Iw== X-Gm-Message-State: AOUpUlGUCrvIWJo3oZEpzoCyRr2gP1R4sMf/RG908WNb/ok53aiUME2Z UIpLcG2HCVFcR1CtPkxOmumnFwAFfHpLub8Nfbk= X-Received: by 2002:adf:9b11:: with SMTP id b17-v6mr5422889wrc.119.1531945356135; Wed, 18 Jul 2018 13:22:36 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:adf:9784:0:0:0:0:0 with HTTP; Wed, 18 Jul 2018 13:22:35 -0700 (PDT) In-Reply-To: <20180718173621.GC30706@thunk.org> References: <20180718014344.1309-1-tytso@mit.edu> <20180718015154.GE3489@thunk.org> <20180718173621.GC30706@thunk.org> From: Sandy Harris Date: Wed, 18 Jul 2018 16:22:35 -0400 Message-ID: Subject: Re: [PATCH] random: addu a config option to trust the CPU's hwrng To: "Theodore Y. Ts'o" , Sandy Harris , Linux Crypto Mailing List , Linux Kernel Developers List , labbott@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Theodore Y. Ts'o wrote: > For those people who are super paranoid and want a "true > random number generator" (and the meaning of that is hazy) because a > CRNG is Not Enough, my recommendation these days is that they get > something like an open hardware RNG solution, such as ChaosKey from > Altus Metrum[1]. > > [1] https://altusmetrum.org/ChaosKey/ Yes & one of those can also solve any difficulty with random(4) at startup. Another alternative, perhaps easier on some systems, is Denker's Turbid trng: https://www.av8n.com/turbid/paper/turbid.htm