On Tue, Oct 10, 2006 at 08:08:32PM +0200, Paul Wouters wrote:

> Since hardware random is not transparently added to /dev/random's entropy,
> applications such as Openswan need to test for the availability of the
> separate device file (not a good design imho). So Openswan will use
> /dev/hw_random if available.

Why should Openswan touch /dev/hw_random directly?

> Every call to /dev/hw_random gives that one (not very random!) line of output,
> and then nothing more ever. A call to /dev/random still works:

$ apt-cache show rng-tools
[...]
 The rngd daemon acts as a bridge between a Hardware TRNG (true random number
 generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's
 PRNG (pseudo-random number generator).
 .
 It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10)
 tests to verify that it is indeed random, and feeds the random data to the
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 kernel entropy pool.
[...]

There is a good reason why /dev/hw_random is different from /dev/random...

Gabor

-- 
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
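The check the package description refers to, as an added example that is not part of the original message and is not rng-tools' own code: the four FIPS 140-2 (2002-10-10) statistical tests applied to one 20,000-bit block, which is the gate raw /dev/hw_random output has to pass before it is credited to the kernel pool. The function name and the two sample blocks are constructed for this illustration.

```python
BLOCK_BITS = 20000  # each FIPS 140-2 test run covers one 20,000-bit block
# Accepted number of runs of length 1..5 and 6+ (same limits for 0-runs and 1-runs)
RUN_LIMITS = [(2315, 2685), (1114, 1386), (527, 723),
              (240, 384), (103, 209), (103, 209)]

def fips_failures(block: bytes) -> list:
    """Return the names of the FIPS 140-2 tests that a 2500-byte block fails."""
    if len(block) * 8 != BLOCK_BITS:
        raise ValueError("need exactly 2500 bytes")
    bits = [(byte >> i) & 1 for byte in block for i in range(7, -1, -1)]
    failed = []

    # Monobit: the number of one bits n must satisfy 9725 < n < 10275
    if not 9725 < sum(bits) < 10275:
        failed.append("monobit")

    # Poker: chi-square statistic over the 5000 four-bit nibbles
    counts = [0] * 16
    for byte in block:
        counts[byte >> 4] += 1
        counts[byte & 0x0F] += 1
    x = 16 / 5000 * sum(c * c for c in counts) - 5000
    if not 2.16 < x < 46.17:
        failed.append("poker")

    # Runs and long run: tally maximal runs of identical bits
    tally = {0: [0] * 6, 1: [0] * 6}
    longest, start = 0, 0
    for i in range(1, BLOCK_BITS + 1):
        if i == BLOCK_BITS or bits[i] != bits[start]:
            length = i - start
            longest = max(longest, length)
            tally[bits[start]][min(length, 6) - 1] += 1
            start = i
    if any(not lo <= tally[b][k] <= hi
           for b in (0, 1) for k, (lo, hi) in enumerate(RUN_LIMITS)):
        failed.append("runs")
    if longest >= 26:  # any run of 26 or more equal bits fails
        failed.append("longrun")
    return failed

# Constructed sample blocks (not captured from real hardware)
STUCK = bytes(2500)          # device that returns only zero bytes
PATTERN = b"\xaa" * 2500     # balanced but perfectly regular 1010... output
```

A block that passes only shows the output is statistically plausible: a seeded software PRNG passes all four tests as well, so the tests catch a stuck or patterned device rather than prove entropy.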