chip-level randomness?

Pawel Krawczyk kravietz at aba.krakow.pl
Wed Sep 19 14:40:37 EDT 2001


On Wed, Sep 19, 2001 at 01:12:44AM -0700, Bram Cohen wrote:

> > not necessary in general case
> Since most applications reading /dev/random don't want random numbers
> anyway?

Here I meant exactly what you said about /dev/random religion. On the
other hand, feeding /dev/random with i810 during normal system
operation is not a bad idea, as /dev/random is not a PRNG but a pool
that can be emptied if not fed enough from other semi-random events
(interrupts, keyboard).

> At startup and with 200 bits of data would be fine.
> Of course, there's the religion of people who say that /dev/random output
> 'needs' to contain 'all real' entropy, despite the absolute zero increase
> in security this results in and the disastrous effect it can have on
> performance.

OK, I get your point now. I'm not sure if reading a blocking device
(i810) from the kernel is a very good idea, however. That's the sort of
thing that is very well suited for userland, when the system goes
multiuser and multiprocess.

Actually, it would be quite a good idea for the Linux distribution
vendors to add a "dd if=/dev/intel_rng of=/dev/random bs=1k count=1" to
the PRNG initialization scripts. If it fails, then you probably don't
have i810 and everything works the old way... Maybe it's even already
done, as the author of the i810 daemon seems to be from MandrakeSoft.

-- 
Paweł Krawczyk *** home: <http://ceti.pl/~kravietz/>
security: <http://ipsec.pl/>  *** fidonet: 2:486/23
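
The boot-time seeding step suggested in the message above, written out as an added example that is not part of the original post or of any distribution's scripts. The helper name `seed_pool_from_hwrng`, its return codes and the stuck-output threshold are assumptions of this example; the device paths are the ones quoted in the message.

```shell
#!/bin/sh
# Added example, not from the original post. seed_pool_from_hwrng is a
# hypothetical helper for a boot-time seeding script.
# Return codes: 0 seeded, 1 no device, 2 read/write failed or short, 3 stuck.
seed_pool_from_hwrng() {
    src=${1:-/dev/intel_rng}    # device name as given in the post
    pool=${2:-/dev/random}
    want=1024                   # same amount as bs=1k count=1

    # No readable device node: probably no i810, keep the old behaviour.
    [ -r "$src" ] || return 1

    tmp=$(mktemp) || return 2
    # bs=1 so a short read from the device cannot silently shrink the sample.
    if ! dd if="$src" of="$tmp" bs=1 count="$want" 2>/dev/null; then
        rm -f "$tmp"; return 2
    fi
    got=$(( $(wc -c < "$tmp") ))
    if [ "$got" -ne "$want" ]; then
        rm -f "$tmp"; return 2
    fi

    # Crude stuck-output check (an assumption of this example, not a
    # statistical test): 1024 random bytes hold about 250 distinct values,
    # so fewer than 128 means the source is not behaving like an RNG.
    distinct=$(od -An -v -tu1 "$tmp" | tr -s ' ' '\n' | sort -u | grep -c .)
    if [ "$distinct" -lt 128 ]; then
        rm -f "$tmp"; return 3
    fi

    # Writing mixes the bytes into the pool. On Linux this does not raise
    # the kernel's entropy estimate; that takes the RNDADDENTROPY ioctl.
    if ! cat "$tmp" > "$pool"; then
        rm -f "$tmp"; return 2
    fi
    rm -f "$tmp"
    return 0
}

# In an init script: seed_pool_from_hwrng || true
```

Any non-zero return leaves the pool untouched, so the system continues with its usual interrupt and keyboard sources.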
