From: Herbert Xu <herbert@gondor.apana.org.au>
To: Pavel Machek <pavel@ucw.cz>
Cc: Evgeniy Polyakov <johnpol@2ka.mipt.ru>,
Jeff Garzik <jgarzik@pobox.com>,
David McCullough <davidm@snapgear.com>,
cryptoapi@lists.logix.cz, linux-kernel@vger.kernel.org,
linux-crypto@vger.kernel.org, Andrew Morton <akpm@osdl.org>,
James Morris <jmorris@redhat.com>
Subject: Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)
Date: Tue, 29 Mar 2005 20:30:49 +1000 [thread overview]
Message-ID: <20050329103049.GB19541@gondor.apana.org.au> (raw)
In-Reply-To: <20050329102104.GB6496@elf.ucw.cz>
On Tue, Mar 29, 2005 at 12:21:04PM +0200, Pavel Machek wrote:
>
> What catastrophic consequences? Noone is likely to even *notice*, and
> it does not help practical attack at all. Unless hardware RNGs are
> *very* flakey (like, more flakey than harddrives), this is not a problem.
The reason some people use hardware RNGs in the first place is because
they don't trust the software RNGs. When the hardware RNG fails but
continues to send data to /dev/random, /dev/random essentially degenerates
into a software RNG. Now granted /dev/random is a pretty good software
RNG, however, for some purposes it just isn't good enough.
Otherwise we can just do away with it and always use /dev/urandom.
Someone else raised the example of Casinos using hardware RNGs. Some
of them are doing this to comply with government regulation. In that
case, using data from the software RNG when the hardware has failed
would be violating the law.
> I can assure you that failing hdd will have more catastrophic
> consequences.
That's we have things like RAID and backups.
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
next prev parent reply other threads:[~2005-03-29 10:34 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-15 13:36 ocf-linux-20050315 - Asynchronous Crypto support for linux David McCullough
2005-03-24 4:27 ` [PATCH] API for true Random Number Generators to add entropy (2.6.11) David McCullough
2005-03-24 4:30 ` [PATCH] API for true Random Number Generators to add entropy (2.4.29) David McCullough
2005-03-24 4:33 ` [PATCH] API for true Random Number Generators to add entropy (2.6.11) Jeff Garzik
2005-03-24 4:46 ` David McCullough
2005-03-24 4:49 ` Michal Ludvig
2005-03-24 5:13 ` Jeff Garzik
2005-03-24 12:37 ` Folkert van Heusden
2005-03-24 12:52 ` David McCullough
2005-03-24 20:51 ` Jeff Garzik
2005-03-24 7:18 ` Jan Engelhardt
2005-03-24 7:37 ` Dave Jones
2005-03-24 4:38 ` [PATCH] " Andrew Morton
2005-03-24 5:17 ` Jeff Garzik
2005-03-24 5:32 ` Andrew Morton
2005-03-29 1:33 ` Matt Mackall
2005-03-24 5:43 ` Randy.Dunlap
2005-03-24 12:21 ` Evgeniy Polyakov
2005-03-24 20:39 ` Jeff Garzik
2005-03-25 4:25 ` Evgeniy Polyakov
2005-03-25 4:45 ` Jeff Garzik
2005-03-25 5:46 ` Herbert Xu
2005-03-31 3:52 ` David McCullough
2005-03-31 13:58 ` [PATCH] API for TRNG (2.6.11) [Fortuna] Jean-Luc Cooke
2005-04-13 15:36 ` Jean-Luc Cooke
2005-03-24 12:28 ` [PATCH 2.6.12-rc1] API for true Random Number Generators to add entropy David McCullough
2005-03-24 12:38 ` [PATCH] API for true Random Number Generators to add entropy (2.6.11) David McCullough
2005-03-24 18:51 ` Andi Kleen
2005-03-24 20:37 ` Jeff Garzik
2005-03-27 17:19 ` Andi Kleen
2005-03-27 18:55 ` folkert
2005-03-28 15:20 ` Andi Kleen
2005-03-28 15:24 ` folkert
2005-03-29 7:17 ` Jeff Garzik
2005-03-29 15:03 ` Andi Kleen
2005-03-29 7:16 ` Jeff Garzik
2005-03-29 15:07 ` Andi Kleen
2005-03-29 7:15 ` Jeff Garzik
2005-03-24 11:59 ` Evgeniy Polyakov
2005-03-24 12:48 ` Jeff Garzik
2005-03-24 13:08 ` Evgeniy Polyakov
2005-03-24 20:53 ` Jeff Garzik
2005-03-24 13:23 ` David McCullough
2005-03-24 13:46 ` Evgeniy Polyakov
2005-03-24 20:56 ` Jeff Garzik
2005-03-25 4:34 ` Evgeniy Polyakov
2005-03-25 4:48 ` Jeff Garzik
2005-03-25 5:33 ` Evgeniy Polyakov
2005-03-25 5:58 ` Jeff Garzik
2005-03-25 6:16 ` Evgeniy Polyakov
2005-03-25 6:13 ` Herbert Xu
2005-03-25 6:34 ` Evgeniy Polyakov
2005-03-25 6:33 ` Herbert Xu
2005-03-25 6:59 ` Evgeniy Polyakov
2005-03-25 6:56 ` Herbert Xu
2005-03-25 7:19 ` Evgeniy Polyakov
2005-03-25 7:19 ` Jeff Garzik
2005-03-25 7:38 ` Evgeniy Polyakov
2005-03-25 7:25 ` Herbert Xu
2005-03-25 7:58 ` Evgeniy Polyakov
[not found] ` <424495A8.40804@freescale.com>
2005-03-25 23:43 ` Jeff Garzik
2005-03-25 23:47 ` Herbert Xu
2005-03-26 0:47 ` Evgeniy Polyakov
2005-03-26 0:36 ` Herbert Xu
2005-03-26 8:52 ` Evgeniy Polyakov
2005-03-28 13:45 ` Jean-Luc Cooke
2005-03-28 21:30 ` Herbert Xu
2005-03-29 10:23 ` Pavel Machek
2005-03-29 10:21 ` Pavel Machek
2005-03-29 10:30 ` Herbert Xu [this message]
2005-03-29 10:38 ` Pavel Machek
2005-03-29 10:45 ` Herbert Xu
2005-03-29 10:50 ` Evgeniy Polyakov
2005-03-29 10:46 ` Herbert Xu
2005-03-29 11:42 ` Evgeniy Polyakov
2005-03-29 11:39 ` Herbert Xu
2005-03-29 12:15 ` Evgeniy Polyakov
2005-03-29 12:13 ` Pavel Machek
2005-03-29 12:43 ` Herbert Xu
2005-03-29 13:11 ` Evgeniy Polyakov
2005-03-29 14:38 ` Evgeniy Polyakov
2005-03-29 13:48 ` Jean-Luc Cooke
2005-03-29 23:36 ` Andrew James Wade
2005-03-29 22:02 ` Bill Davidsen
2005-03-29 22:24 ` Kyle Moffett
2005-03-29 22:46 ` Jeff Garzik
2005-03-30 21:22 ` Bill Davidsen
2005-03-30 21:49 ` Jeff Garzik
2005-03-30 22:27 ` Paul Jackson
2005-03-29 10:18 ` Pavel Machek
2005-03-29 10:25 ` Herbert Xu
2005-03-29 10:53 ` Martin Mares
2005-03-24 20:54 ` Jeff Garzik
2005-03-24 14:25 ` Jean-Luc Cooke
2005-03-24 20:57 ` Jeff Garzik
2005-03-24 21:20 ` Herbert Xu
2005-03-25 5:52 ` Evgeniy Polyakov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050329103049.GB19541@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=akpm@osdl.org \
--cc=cryptoapi@lists.logix.cz \
--cc=davidm@snapgear.com \
--cc=jgarzik@pobox.com \
--cc=jmorris@redhat.com \
--cc=johnpol@2ka.mipt.ru \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pavel@ucw.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).