RE: [PATCH 2/2] ath9k: disable RNG by default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Stephan,

The problem with using the add_device_randomness is that we do not know when to call that API, and we have to make our solution either timer-based or interrupt based, which is not really the correct way of implementing this feature.

Thanks,
Miaoqing

-----Original Message-----
From: Pan, Miaoqing 
Sent: Wednesday, August 10, 2016 3:41 PM
To: Stephan Mueller <smueller@xxxxxxxxxx>
Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>; Matt Mackall <mpm@xxxxxxxxxxx>; miaoqing@xxxxxxxxxxxxxx; Valo, Kalle <kvalo@xxxxxxxxxxxxxxxx>; linux-wireless@xxxxxxxxxxxxxxx; ath9k-devel <ath9k-devel@xxxxxxxxxxxxxxxx>; linux-crypto@xxxxxxxxxxxxxxx; jason@xxxxxxxxxxxxxx; Sepehrdad, Pouyan <pouyans@xxxxxxxxxxxxxxxx>
Subject: RE: [PATCH 2/2] ath9k: disable RNG by default

Hi Stephan,

That is set as "optional but highly recommended" in the FIPS doc, plus the fact that we do not have a requirement to have a FIP-approved RNG in our case. Although FIPS might impose higher and stronger requirements on the source of entropy, but not passing those tests does not mean the source of entropy is of bad quality. As I mentioned earlier, we just need to evaluate the amount of entropy it provides correctly and use it accordingly. If we are dealing with a chip which has a HW RNG, we expect extremely high entropy close to full from our source, but this patch is for chips which do not have a dedicated HW RNG in place to improve the quality of random number generation on the platform.

Thanks,
Miaoqing

-----Original Message-----
From: Stephan Mueller [mailto:smueller@xxxxxxxxxx]
Sent: Wednesday, August 10, 2016 3:27 PM
To: Pan, Miaoqing <miaoqing@xxxxxxxxxxxxxxxx>
Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>; Matt Mackall <mpm@xxxxxxxxxxx>; miaoqing@xxxxxxxxxxxxxx; Valo, Kalle <kvalo@xxxxxxxxxxxxxxxx>; linux-wireless@xxxxxxxxxxxxxxx; ath9k-devel <ath9k-devel@xxxxxxxxxxxxxxxx>; linux-crypto@xxxxxxxxxxxxxxx; jason@xxxxxxxxxxxxxx; Sepehrdad, Pouyan <pouyans@xxxxxxxxxxxxxxxx>
Subject: Re: [PATCH 2/2] ath9k: disable RNG by default

Am Mittwoch, 10. August 2016, 07:15:49 CEST schrieb Pan, Miaoqing:

Hi Miaoqing,

> Hi Stephan,
> 
> NIST SP 800-22-rev1a and NIST SP 800-90B are used together to evaluate 
> the amount of min entropy the source provides, and not to decide if 
> the source has passed the tests or failed. See
> 
> https://github.com/usnistgov/SP800-90B_EntropyAssessment
> 
> The goal is often to make sure the input entropy is more than the 
> entropy we expect from the output.

You are correct on the SP800-90B tests (hence I did not refer to them for the binary decision). Yet, SP800-22 with the associated tool delivers a binary decision.

Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux