| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Aug 2016 23:42:55 +0200 From: Pavel Machek <pavel@....cz> To: Theodore Ts'o <tytso@....edu>, Stephan Mueller <smueller@...onox.de>, herbert@...dor.apana.org.au, sandyinchina@...il.com, Jason Cooper <cryptography@...edaemon.net>, John Denker <jsd@...n.com>, "H. Peter Anvin" <hpa@...ux.intel.com>, Joe Perches <joe@...ches.com>, George Spelvin <linux@...izon.com>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v6 0/5] /dev/random - a new approach Hi! > As far as whether or not you can gather enough entropy at boot time, > what we're really talking about how how much entropy we want to assume > can be gathered from interrupt timings, since what you do in your code > is not all that different from what the current random driver is > doing. So it's pretty easy to turn a knob and say, "hey presto, we > can get all of the entropy we need before userspace starts!" But > justifying this is much harder, and using statistical tests isn't > really sufficient as far as I'm concerned. Actually.. I'm starting to believe that getting enough entropy before userspace starts is more important than pretty much anything else. We only "need" 64-bits of entropy, AFAICT. If it passes statistical tests, I'd use it... for initial bringup. We can switch to more conservative estimates when system is fully running. But IMO it is very important to get _some_ randomness at the begining... Best regards, Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Powered by blists - more mailing lists