On Sat, Jun 18, 2011 at 03:40:50PM -0700, H. Peter Anvin wrote:
On 06/17/2011 01:28 PM, Matt Mackall wrote:
The one use case that it is cryptographically insufficient for is to
seed a new PRNG, which probably means it is unsuitable for being fed
as-is into /dev/random.
The thing to
On Sun, Jun 19, 2011 at 09:38:43AM -0400, Neil Horman wrote:
It sounds to me like, if its desireous to bypass the entropy pool, then we
should bypass the /dev/random path altogether. Why not write a hwrng driver
that can export access to the rdrand instruction via a misc device.
I presume
On 06/19/2011 08:07 AM, Herbert Xu wrote:
On Sun, Jun 19, 2011 at 09:38:43AM -0400, Neil Horman wrote:
It sounds to me like, if its desireous to bypass the entropy pool, then we
should bypass the /dev/random path altogether. Why not write a hwrng driver
that can export access to the rdrand
On 06/17/2011 01:28 PM, Matt Mackall wrote:
The one use case that it is cryptographically insufficient for is to
seed a new PRNG, which probably means it is unsuitable for being fed
as-is into /dev/random.
The thing to understand about the input side of /dev/random is that it's
COMPLETELY
Matt Mackall wrote:
On Wed, 2011-06-15 at 10:49 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
On Tue, 2011-06-14 at 18:51 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
...
But that's not even the point. Entropy accounting here is about
providing a theoretical level of security above
On Fri, Jun 17, 2011 at 02:51:31PM -0400, Jarod Wilson wrote:
Matt Mackall wrote:
On Wed, 2011-06-15 at 10:49 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
On Tue, 2011-06-14 at 18:51 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
...
But that's not even the point. Entropy accounting here
On 06/14/2011 04:12 PM, Matt Mackall wrote:
Various people have offered to spend some time fixing this; I haven't
had time to look at it for a while.
So on my (long...) list of things to do for a while is enablement of
RDRAND, which is a new instruction in Ivy Bridge disclosed in the latest
On Fri, 2011-06-17 at 12:48 -0700, h...@zytor.com wrote:
On 06/14/2011 04:12 PM, Matt Mackall wrote:
Various people have offered to spend some time fixing this; I haven't
had time to look at it for a while.
So on my (long...) list of things to do for a while is enablement of
RDRAND,
Matt Mackall wrote:
On Tue, 2011-06-14 at 18:51 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
...
But that's not even the point. Entropy accounting here is about
providing a theoretical level of security above cryptographically
strong. As the source says:
Even if it is possible to analyze
On Wed, 2011-06-15 at 10:49 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
On Tue, 2011-06-14 at 18:51 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
...
But that's not even the point. Entropy accounting here is about
providing a theoretical level of security above cryptographically
john stultz wrote:
On Mon, 2011-06-13 at 18:06 -0400, Jarod Wilson wrote:
Many server systems are seriously lacking in sources of entropy,
as we typically only feed the entropy pool by way of input layer
events, a few NIC driver interrupts and disk activity. A non-busy
server can easily become
On Mon, 2011-06-13 at 18:06 -0400, Jarod Wilson wrote:
Many server systems are seriously lacking in sources of entropy,
as we typically only feed the entropy pool by way of input layer
events, a few NIC driver interrupts and disk activity. A non-busy
server can easily become entropy-starved.
Jarod Wilson wrote:
Matt Mackall wrote:
On Mon, 2011-06-13 at 18:06 -0400, Jarod Wilson wrote:
Many server systems are seriously lacking in sources of entropy,
as we typically only feed the entropy pool by way of input layer
events, a few NIC driver interrupts and disk activity. A non-busy
On Tue, 2011-06-14 at 11:18 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
On Mon, 2011-06-13 at 18:06 -0400, Jarod Wilson wrote:
Many server systems are seriously lacking in sources of entropy,
as we typically only feed the entropy pool by way of input layer
events, a few NIC driver
Matt Mackall wrote:
On Tue, 2011-06-14 at 11:18 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
...
No: it's not a great idea to _credit_ the entropy count with this data.
Someone watching the TSC or HPET from userspace can guess when samples
are added by watching for drop-outs in their
Matt Mackall wrote:
On Tue, 2011-06-14 at 16:17 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
On Tue, 2011-06-14 at 11:18 -0400, Jarod Wilson wrote:
Matt Mackall wrote:
...
No: it's not a great idea to _credit_ the entropy count with this data.
Someone watching the TSC or HPET from
16 matches
Mail list logo