lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 10 Oct 2006 23:03:58 +0200 (CEST)
From:	Paul Wouters <paul@...erance.com>
To:	Gabor Gombas <gombasg@...aki.hu>
cc:	fedora-xen@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: more random device badness in 2.6.18 :(

On Tue, 10 Oct 2006, Gabor Gombas wrote:

> Why should Openswan touch /dev/hw_random directly?

Because using /dev/random whlie /dev/hw_random is available does not always
work (eg with padlock)

> $ apt-cache show rng-tools
>  [...]
>  The rngd daemon acts as a bridge between a Hardware TRNG (true random number
>  generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's
>  PRNG (pseudo-random number generator).
>  .
>  It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10)
>  tests to verify that it is indeed random, and feeds the random data to the
>        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>  kernel entropy pool.
>  [...]
>
> There is a good reason why /dev/hw_random is different from /dev/random...

Why is this happening in userland? Will rng-tools run on every bare Linux
system now? Including embedded systems? How about xen guests who don't have
direct access to the host's hardware (or software) random?

Why is this entropy management not part of the kernel? So for Openswan to
work correctly, it would need to depend on another daemon that may or may
not be available and/or running?

I still believe /dev/random should just give the best random possible for
the machine. Wether that is software random, or a piece of hardware, should
not matter. That's the kernel's internal state and functioning.

But thanks for the software pointer.

Paul
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ