Message-ID: <20070823144114.GE22638@piche.inl.fr>
Date:	Thu, 23 Aug 2007 16:41:14 +0200
From:	Pierre Chifflier <p.chifflier@....fr>
To:	Henrique de Moraes Holschuh <hmh@....eng.br>
Cc:	Pierre Chifflier <p.chifflier@....fr>, linux-kernel@...r.kernel.org
Subject: Re: intel_rng: FWH not detected (and no entropy)

On Thu, Aug 23, 2007 at 09:53:04AM -0300, Henrique de Moraes Holschuh wrote:
> On Thu, 23 Aug 2007, Pierre Chifflier wrote:
> > I'm not sure that a hardware RNG is present, so I want to check.
> 
> Open the mobo, and locate all FLASH chips.  If one of them is a 82802AB or
> 82802AC, then you *MIGHT* have an Intel FWH with a HRNG (some of the FWHs
> have their RNGs disabled, and since Intel stopped guaranteeing the RNG is
> there, they would install one such FWH in their boards just the same).  If
> none are a 82802AB or 82802AC, you don't have an Intel FWH with a HRNG.
> 
> Even if you had an Intel board that is known to sometimes have an Intel FWH
> with an RNG, like the D875PBZ, that wouldn't mean much.  They could have
> used a non-Intel equivalent part for that production run, for unknown
> reasons.  You really have to check.

Well, I've seen nothing more than the 82801DB (which was listed in
lspci). So maybe there is no HRNG :(

This leaves the main problem, which is the lack of entropy. Does anyone
have an idea on how to solve this problem?
It appeared with recent kernels. For example, 2.6.8 had an entropy pool
always > 3000, while 2.6.18 and other recent kernels show ~ 150.

# sysctl kernel.random.poolsize
kernel.random.poolsize = 4096
# sysctl kernel.random.entropy_avail
kernel.random.entropy_avail = 196

This is really annoying, since the box should also use SSL/TLS
operations, and it will be real slow ..

Regards,
Pierre