On Sun, Jun 19, 2016 at 3:36 PM, Pavel Machek <pavel@xxxxxx> wrote: >> The following patch set provides a different approach to /dev/random ... > > Dunno. It is very similar to existing rng, AFAICT. I do not think so. A lot of the basic principles are the same of course, but Stephan is suggesting some real changes. On the other hand, I'm not sure all of them are good ideas & Ted has already incorporated some into the driver, so it is debatable how much here is really useful. > And at the very least, constants in existing RNG could be tuned > to provide "entropy at the boot time". No, this is a rather hard problem & just tweaking definitely will not solve it. Ted's patches, Stephan's, mine, the grsecurity stuff and the kernel hardening project all have things that might help, but as far as I can see there is no complete in-kernel solution yet. Closest thing I have seen to a solution are Denker's suggestions at: http://www.av8n.com/computer/htm/secure-random.htm#sec-boot-image Those, though, require changes to build & installation methods & it might be hard to get distros & device vendors to do it. > So IMO this should be re-done as tweaks to existing design, not as > completely new RNG. I agree, & I think Stephan has already done some of that. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
