I personally feel that this is overkill. However, it is always a good
idea to cover all of your bases so I would never say that it's a bad
idea. One can never be to secure!
On 5/5/2016 5:40 AM, shawn wilson wrote:
Just reflecting on the Linux RNG thread a bit ago, is there any
technical reason to have RNG in kernel space? There are things like
haveged which seem to work really well and putting or charging code in
any kernel can be a bit of a battle (as it should be with code as
complex as that involving crypto - wouldn't want people missing an
exploit your new system exposes and accepting it*). So I wonder what
the gain is for putting RNGs in the kernel.
The only argument I can think of against this is non technical - if
you rely on users to pick their RNG implementation, they are liable to
get it wrong. This may be valid but I'm still curious about the
technical reasons for RNG in kernel space.
Also, if kernel space is really necessary, I'd think publishing as a
dkms type package would gain more traction for getting into mainline
(but this is probably OT here)
* Obviously that same argument can be made of userspace programs but
I'd much prefer my exploits happen at a less privileged ring whenever
possible :)
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
