On 01/12/12 16:52, Roman Yeryomin wrote:
On 12 January 2012 14:53, Florian Fainelli <flor...@openwrt.org> wrote:
Hello,


On 01/12/12 12:29, Olipro wrote:

Haveged is an entropy gathering daemon which refills the kernel's entropy
pool by timing the nanoseconds a CPU takes to complete a loop. The existing
haveged only supports a few architectures - I have added support for any
given architecture by utilising the CLOCK_MONOTONIC_RAW introduced in
kernel 2.6.28 - no doubt this does incur a performance penalty since the
architecture specific code uses assembler. Unfortunately, reading r9 from
cp0 on MIPS requires the CPU to be in kernel or supervisor mode.

Unlike rng-tools, using haveged ensures the entropy pool is not simply
refilled from /dev/urandom - thus ensuring that evicted entropy is not
recycled into the secure pool.

However, I'm not entirely sure what dependencies I should be making this
rely on to ensure people on say... brcm2.4 don't get it, thus if someone
could take a look at it, I'd be most appreciative - the package itself
works just fine, I'm using it on my WNDR3800.


Though I am not against adding this daemon, rather, I think that we should
make some network drivers' interrupts fill the kernel entropy pool like it
used to be, this should solve the entropy problem on most platforms.
--

If I remember correctly there were some security reasons for removing
it from the kernel.

Yes, and the reason why you get fewer interrupts at high rates is because of NAPI which limits the number of interrupts and prefers polling the network adapter for new packets, though I don't think it will be a problem for the SOHO router case routing at most 100Mbits or 1Gbits of traffic in the best case. This should still generate enough interrupts.

Although I've done this on the ramips platform and didn't face any issues
I think that, potentially, a better source of entropy would be radio
noise. Of course, if it's possible to get.

Indeed, using entropy from Wi-Fi cards would also be a good idea since it's less predictable. As you say, using radio noise would be even better.
--
Florian
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
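
The timing approach Olipro describes, as an added example that is not from the thread and is not haveged's code: it times a short loop with CLOCK_MONOTONIC_RAW, keeps the low byte of each duration, and computes a naive most-common-value min-entropy estimate, so a platform whose timer is too coarse shows up as 0 bits. The loop length (200), the sample count and all function names are assumptions made for this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes CLOCK_MONOTONIC_RAW on glibc */
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Nanosecond timestamp from CLOCK_MONOTONIC_RAW; returns 0 on success. */
static int now_ns(uint64_t *out) {
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC_RAW, &ts) != 0) return -1;
    *out = (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
    return 0;
}

/* Time a short busy loop n times, keeping the low byte of each duration.
 * Returns the number of samples stored (fewer than n if the clock fails). */
size_t collect_deltas(uint8_t *out, size_t n) {
    volatile uint32_t sink = 0;   /* volatile: the loop must not be optimised away */
    for (size_t i = 0; i < n; i++) {
        uint64_t t0, t1;
        if (now_ns(&t0) != 0) return i;
        for (uint32_t j = 0; j < 200; j++) sink += j;   /* 200 is an assumed length */
        if (now_ns(&t1) != 0) return i;
        out[i] = (uint8_t)(t1 - t0);
    }
    return n;
}

/* Count of the most frequent byte value in the sample. */
size_t most_common(const uint8_t *s, size_t n) {
    size_t hist[256] = {0}, max = 0;
    for (size_t i = 0; i < n; i++)
        if (++hist[s[i]] > max) max = hist[s[i]];
    return max;
}

/* floor(-log2(max/n)) in whole bits per sample; 0 when every sample is equal.
 * Naive estimate: it ignores correlation between successive samples. */
unsigned min_entropy_bits(size_t max, size_t n) {
    unsigned bits = 0;
    if (max == 0 || n == 0) return 0;
    while (bits < 8 && (max << (bits + 1)) <= n) bits++;
    return bits;
}
```

Feeding a few thousand samples from `collect_deltas` through `most_common` and `min_entropy_bits` on the target board gives a quick check of whether the clock resolution there is fine enough for loop timing to vary at all.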