| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 May 2008 19:29:41 -0300 From: Henrique de Moraes Holschuh <hmh@....eng.br> To: Jeff Garzik <jeff@...zik.org> Cc: Theodore Tso <tytso@....edu>, Chris Peterson <cpeterso@...terso.com>, "Kok, Auke" <auke-jan.h.kok@...el.com>, Rick Jones <rick.jones2@...com>, "Brandeburg, Jesse" <jesse.brandeburg@...el.com>, Alan Cox <alan@...rguk.ukuu.org.uk>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM On Thu, 15 May 2008, Jeff Garzik wrote: > rngd is already deployed in most distros, via rng-tools. Motivated > people are welcome to steal maintainership from me... I was, once. But I got into the trap of getting too out of sync from upsteam rngd, and suddenly, packaging all those changes into incremental patches become too much non-fun work for me to find the energy to do so. It has been a few years since I really looked at that code, except for a few minor Debian packaging fixes. It is old code, and if my C is not world-class now, it was even worse at that time. But at least valgrind tells me I fixed the worst bugs, and FIPS 140-2 (the old version of it that still had criteria for non-deterministic RNGs) and DIEHARD couldn't find any issues with its output after several runs on gigabyte-sized files produced both from an Intel FWH RNG, and from a VIA PadLock RNG. If anyone wants to poke at it, get the Debian rng-tools source package. It directly supports the VIA PadLock in userspace in a suitably paranoid mode (checks that the RNG was not reprogrammed at every read), and does multithreading so that FIPS and output processing does not block (nor gets blocked) by /dev/hw_random reading, etc. Lots of cowebs on it, though. And you probably need to get the version in Debian unstable AND the version in Debian experimental, to get the full code. If someone really wants to work on it, I can send the VC repo for them to play with. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists