[Cryptography] [RNG] on RNGs, VM state, rollback, etc.
Kent Borg
kentborg at borg.org
Sun Oct 20 12:54:28 EDT 2013
On 10/20/2013 05:28 AM, ianG wrote:
> Good example. I'm going to get off the fence and say that the RNG
> should never block.
The RNG should be configurable to block.
In the case of Linux's urandom Ted suggested blocking on bits-in and
time, which ever comes first. The question of defaults becomes key.
I suggest that the kernel's default values for these two parameters
should be small enough that nearly no existing user is harmed by the
change, yet many could benefit from not running on empty immediately
after boot.
One question I have is who are typical first users of urandom after
boot? (That is, who will notice if the delay in seconds or bits is too
large, what are they doing, when are they doing it?)
At the larger system level, these parameters could be set explicitly
according to what that system is doing, how it is designed, etc.
-kb
More information about the cryptography
mailing list