Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262416AbVC2Hrq (ORCPT ); Tue, 29 Mar 2005 02:47:46 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262569AbVC2H1p (ORCPT ); Tue, 29 Mar 2005 02:27:45 -0500 Received: from parcelfarce.linux.theplanet.co.uk ([195.92.249.252]:49855 "EHLO parcelfarce.linux.theplanet.co.uk") by vger.kernel.org with ESMTP id S262523AbVC2HQD (ORCPT ); Tue, 29 Mar 2005 02:16:03 -0500 Message-ID: <424900A2.8010104@pobox.com> Date: Tue, 29 Mar 2005 02:15:46 -0500 From: Jeff Garzik User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andi Kleen CC: Andrew Morton , cryptoapi@lists.logix.cz, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, jmorris@redhat.com, herbert@gondor.apana.org.au Subject: Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11) References: <20050315133644.GA25903@beast> <20050324042708.GA2806@beast> <20050323203856.17d650ec.akpm@osdl.org> <424324F1.8040707@pobox.com> <20050327171934.GB18506@muc.de> In-Reply-To: <20050327171934.GB18506@muc.de> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1659 Lines: 50 Andi Kleen wrote: >>We -used- to need data from RNG directly into the kernel randomness > > > Are you sure? I dont think there was ever code to do this in > mainline. There might have been something in -ac*, but not mainline. Yes, I am positive. I wrote the code. Look at the old Intel RNG driver code, before it grew AMD and VIA support, and became hw_random. >>pool. The consensus was that the FIPS testing should be moved to userspace. > > > Consensus from whom? And who says the FIPS testing is useful anyways? lkml. Read the archives. > I think you just need to trust the random generator, it is like > you need to trust any other piece of hardware in your machine. Or do you > check regularly if you mov instruction still works? @) Hardware RNGs -have- failed in the past. And if you are going to credit entropy to the data -- a very big deal -- it damn well better be random data. Otherwise failures cascade through the system. > I think it is a trade off between easy to use and saving of > resources and overly paranoia. With an user space solution > which near nobody uses currently (I am not aware of > any distribution that runs that daemon) Debian does. It's under-use is mainly because nobody has an RNG. > it means most people wont have hardware supported randomness > in their ssh, and I think that is a big drawback. "big drawback" == 99% of users right now. Jeff - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/