Am Dienstag, 23. Juni 2015, 22:44:11 schrieb Pavel Machek: Hi Pavel, > On Mon 2015-05-18 18:25:25, Stephan Mueller wrote: > > Make the threshold at which the output entropy pools are considered to > > be initialized configurable via a kernel command line option. The > > current integer value of 128 bits is a good default value. However, some > > user groups may want to use different values. For example, the SOGIS > > group now requires 125 bits at least (BSI, the participant at that group > > used to require 100 bits). NIST moved from 80 bits to 112 bits starting > > with 2014. > > > > It is therefore to be expected that in the future, this threshold may > > increase for different user groups. > > Speaking of random and kernel parameters... should we add random=<hex > digits> parameter to pass entropy from bootloader to the kernel? Everybody can see that string. How do you think that way of providing entropy is protected? > u-boot-SPL does DRAM calibration, for example, and I guess that may > provide some rather hard to guess values... > > [I initialy misread parameter below as "random_initize=" and thought > it does exactly this...] > Pavel > > > + random_initialized= [KNL] Set the threshold in bits at which the > > + Linux random number generator considers an output > > + entropy pool initialized. > > + Format: <int> (must be >= 112 and <= size of output > > + entropy pool in bits) > > + Default: 128 > > + -- Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
