Στις Τετ, 14 Νοε 2018 στις 9:08 μ.μ., ο/η Andrej Shadura <andrew.shadura@xxxxxxxxxxxxxxx> έγραψε: > > On 14/11/2018 10:32, Andrej Shadura wrote: > > On 12/11/2018 03:17, Jiri Kosina wrote: > >> On Thu, 1 Nov 2018, Andrej Shadura wrote: > >> > >>> Hi everyone, > >>> > >>> I’ve got a comment from Nick Kossifidis that I probably shouldn’t set > >>> RNG’s quality to 1024. Adding linux-crypto@ to the loop. > >> > >> So, what was this about? Is there any resolution to it? :) > > > > So far, not really. I talked to Keith Packard regarding a similar > > setting in his ChaosKey driver, and I understand his opinion is that it > > is appropriate there since he’s convinced about the quality of the > > hardware he designed. I’m not sure what exactly I should set it to here. > > Just talked to Theodore Ts'o about this, it seems that it doesn’t really > matter that much what to set it to, since this subsystem apparently will > be reworked soon, and setting it to a fair value of 0 will apparently > make it not feed the entropy pool at all, and with a non-zero value only > one device with the highest value will be used. I’m tempted to resubmit > the patch with 0 as the default (as Nick suggested) so that pro users > can toggle it later from the userspace, but it doesn’t have the > opportunity to potentially poison the entropy pool if it’s compromised. > I think that's better, good to know the subsystem is being reworked. BTW I brought up some issues regarding the quality parameter and how it worked some years ago: https://www.spinics.net/lists/linux-crypto/msg17476.html I haven't monitored the progress on this one but I recently found this patch from Theodore that adds an option to skip the CPU's built-in hwrng (RDRAND). https://patchwork.kernel.org/patch/10531149/ Since we allow flexibility for the CPU's build-in hwrng, I believe it's appropriate to at least allow the same level of flexibility for removable devices as well, even better if the setting can be modified at runtime as you mention. -- GPG ID: 0xEE878588 As you read this post global entropy rises. Have Fun ;-) Nick
