Re: [PATCH] HID: add driver for U2F Zero built-in LED and RNG

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Στις Τετ, 14 Νοε 2018 στις 9:08 μ.μ., ο/η Andrej Shadura
<andrew.shadura@xxxxxxxxxxxxxxx> έγραψε:
>
> On 14/11/2018 10:32, Andrej Shadura wrote:
> > On 12/11/2018 03:17, Jiri Kosina wrote:
> >> On Thu, 1 Nov 2018, Andrej Shadura wrote:
> >>
> >>> Hi everyone,
> >>>
> >>> I’ve got a comment from Nick Kossifidis that I probably shouldn’t set
> >>> RNG’s quality to 1024. Adding linux-crypto@ to the loop.
> >>
> >> So, what was this about? Is there any resolution to it? :)
> >
> > So far, not really. I talked to Keith Packard regarding a similar
> > setting in his ChaosKey driver, and I understand his opinion is that it
> > is appropriate there since he’s convinced about the quality of the
> > hardware he designed. I’m not sure what exactly I should set it to here.
>
> Just talked to Theodore Ts'o about this, it seems that it doesn’t really
> matter that much what to set it to, since this subsystem apparently will
> be reworked soon, and setting it to a fair value of 0 will apparently
> make it not feed the entropy pool at all, and with a non-zero value only
> one device with the highest value will be used. I’m tempted to resubmit
> the patch with 0 as the default (as Nick suggested) so that pro users
> can toggle it later from the userspace, but it doesn’t have the
> opportunity to potentially poison the entropy pool if it’s compromised.
>

I think that's better, good to know the subsystem is being reworked.
BTW I brought up some issues regarding the quality parameter and
how it worked some years ago:
https://www.spinics.net/lists/linux-crypto/msg17476.html

I haven't monitored the progress on this one but I recently found
this patch from Theodore that adds an option to skip the CPU's
built-in hwrng (RDRAND).
https://patchwork.kernel.org/patch/10531149/

Since we allow flexibility for the CPU's build-in hwrng, I believe
it's appropriate to at least allow the same level of flexibility for
removable devices as well, even better if the setting can be
modified at runtime as you mention.

-- 
GPG ID: 0xEE878588
As you read this post global entropy rises. Have Fun ;-)
Nick




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux