On Tuesday 10 October 2006 23:50, Paul Wouters wrote: > On Tue, 10 Oct 2006, Michael Buesch wrote: > > > > > Why should Openswan touch /dev/hw_random directly? > > > > > > Because using /dev/random whlie /dev/hw_random is available does not always > > > work (eg with padlock) > > > > Oh, wait wait. I don't really understand your sentence. > > Why can't you use /dev/random? > > We have noticed in the past that on VIA's with the padlock, that > /dev/random stopped working when hw_random got loaded, while we could > get random from /dev/hw_random. So we assumed that was the design. This would be a bug. But I have no idea on how this is possible to happen. > If only a single process should ever touch a device, I wonder why it is > a device visible to all of userland. Oh, well. Why do we have /dev/hda, if touching it creates a damn mess. ;) The device node is there so userspace can access it. Yes. You can read random data from /dev/hw_random. No problem, really, if you are aware of, that there is _NO_ guarantee that the data returned is _really_ random. It may just return 0xFFFFFFFF for some broken piece of overheated (or something else) hardware. So the suggested way to use /dev/hw_random is to let rngd access it and put the data back into the kernel entropy buffers after verifying it. -- Greetings Michael. -- Fedora-xen mailing list Fedora-xen@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-xen
