Message-ID: <CAHmME9ooV1HRGO4bLsNKqv1EjDsUYsM6TcMbmEL=4CejTB+1ZQ@mail.gmail.com>
Date: Wed, 23 Dec 2020 15:32:55 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Petr Tesarik <ptesarik@...e.cz>
Cc: Torsten Duwe <duwe@....de>,
Marcelo Henrique Cerri <marcelo.cerri@...onical.com>,
"Theodore Y. Ts'o" <tytso@....edu>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Stephan Müller <smueller@...onox.de>,
Willy Tarreau <w@....eu>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Nicolai Stange <nstange@...e.de>,
LKML <linux-kernel@...r.kernel.org>,
Arnd Bergmann <arnd@...db.de>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
"Alexander E. Patrakov" <patrakov@...il.com>,
"Ahmed S. Darwish" <darwish.07@...il.com>,
Matthew Garrett <mjg59@...f.ucam.org>,
Vito Caputo <vcaputo@...garu.com>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
William Jon McCann <mccann@....edu>,
zhangjs <zachary@...shancloud.com>,
Andy Lutomirski <luto@...nel.org>,
Florian Weimer <fweimer@...hat.com>,
Lennart Poettering <mzxreary@...inter.de>,
Peter Matthias <matthias.peter@....bund.de>,
Neil Horman <nhorman@...hat.com>,
Randy Dunlap <rdunlap@...radead.org>,
Julia Lawall <julia.lawall@...ia.fr>,
Dan Carpenter <dan.carpenter@...cle.com>,
Andy Lavr <andy.lavr@...il.com>,
Eric Biggers <ebiggers@...nel.org>,
Ard Biesheuvel <ardb@...nel.org>, simo@...hat.com
Subject: Re: drivers/char/random.c needs a (new) maintainer
On Wed, Dec 23, 2020 at 3:17 PM Petr Tesarik <ptesarik@...e.cz> wrote:
> Upfront, let me admit that SUSE has a vested interest in a FIPS-certifiable Linux kernel.

Sorry, but just because you have a "vested interest", or a financial
interest, or because you want it does not suddenly make it a good
idea. The idea is to have good crypto, not to merely check some boxes
for the bean counters.

For example, it's very unlikely that future kernel RNGs will move to
using AES, due to the performance overhead involved on non-table-based
implementations, and the lack of availability of FPU/AES-NI in all the
contexts we need. NT's fortuna machine can use AES, because NT allows
the FPU in all contexts. We don't have that luxury (or associated
performance penalty).

I would, however, be interested in a keccak-based construction. But
just using the keccak permutation does not automatically make it
"SHA-3", so we're back at the same issue again. FIPS is simply not
interesting for our requirements.

Jason