From: Michael Buesch <mb@bu3sch.de>
To: Paul Wouters <paul@xelerance.com>
Cc: linux-kernel@vger.kernel.org, Gabor Gombas <gombasg@sztaki.hu>,
	fedora-xen@redhat.com
Subject: Re: more random device badness in 2.6.18 :(
Date: Wed, 11 Oct 2006 00:05:54 +0200
Message-ID: <200610110005.54322.mb@bu3sch.de>
In-Reply-To: <Pine.LNX.4.63.0610102334470.27986@tla.xelerance.com>

On Tuesday 10 October 2006 23:50, Paul Wouters wrote:
> On Tue, 10 Oct 2006, Michael Buesch wrote:
> 
> > > > Why should Openswan touch /dev/hw_random directly?
> > >
> > > Because using /dev/random while /dev/hw_random is available does not always
> > > work (eg with padlock)
> >
> > Oh, wait wait. I don't really understand your sentence.
> > Why can't you use /dev/random?
> 
> We have noticed in the past that on VIA's with the padlock, that
> /dev/random stopped working when hw_random got loaded, while we could
> get random from /dev/hw_random. So we assumed that was the design.

This would be a bug. But I have no idea how this could possibly happen.

> If only a single process should ever touch a device, I wonder why it is
> a device visible to all of userland.

Oh, well. Why do we have /dev/hda, if touching it creates a damn mess? ;)
The device node is there so userspace can access it. Yes. You can read
random data from /dev/hw_random. No problem, really, if you are aware
that there is _NO_ guarantee that the data returned is _really_ random.
It may just return 0xFFFFFFFF for some broken piece of overheated (or
something else) hardware.
So the suggested way to use /dev/hw_random is to let rngd access it and
put the data back into the kernel entropy buffers after verifying it.

-- 
Greetings Michael.
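
The verification step described in the message above, as an added example that is not part of the original mail and is not code from rngd or the kernel: three of the FIPS 140-2 statistical tests (monobit, poker, long run) applied to one 20,000-bit block, with the runs test omitted for brevity. The function names and the constant-filled sample blocks are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_BYTES 2500   /* one FIPS 140-2 test block: 20,000 bits */
enum { RNG_FAIL_MONOBIT = 1, RNG_FAIL_POKER = 2, RNG_FAIL_LONGRUN = 4 };

/* Returns a bitmask of failed tests for one 2500-byte block (0 = all passed). */
int rng_block_check(const uint8_t *buf)
{
    unsigned ones = 0, run = 0, longest = 0, nibble[16] = {0};
    unsigned long sum = 0;
    int last = -1, result = 0;

    for (size_t i = 0; i < BLOCK_BYTES; i++) {
        nibble[buf[i] >> 4]++;             /* 4-bit value counts for poker test */
        nibble[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += (unsigned)bit;
            run = (bit == last) ? run + 1 : 1;
            if (run > longest) longest = run;
            last = bit;
        }
    }
    /* Monobit: the number of one bits must satisfy 9725 < ones < 10275. */
    if (ones <= 9725 || ones >= 10275) result |= RNG_FAIL_MONOBIT;
    /* Poker: X = (16/5000) * sum(f_i^2) - 5000 must satisfy 2.16 < X < 46.17. */
    for (int i = 0; i < 16; i++) sum += (unsigned long)nibble[i] * nibble[i];
    double x = 16.0 * (double)sum / 5000.0 - 5000.0;
    if (x <= 2.16 || x >= 46.17) result |= RNG_FAIL_POKER;
    /* Long run: no run of identical bits may be 26 bits or longer. */
    if (longest >= 26) result |= RNG_FAIL_LONGRUN;
    return result;
}

/* Constructed sample: the block a source stuck on one byte value would return. */
int check_constant_block(uint8_t value)
{
    uint8_t buf[BLOCK_BYTES];
    memset(buf, value, sizeof buf);
    return rng_block_check(buf);
}

int main(void)
{
    printf("stuck at 0xFF: failed-test mask %d\n", check_constant_block(0xFF));
    printf("0xAA pattern:  failed-test mask %d\n", check_constant_block(0xAA));
    return 0;
}
```

Passing these tests does not show that the data is random; they only reject grossly broken output such as the stuck 0xFFFFFFFF case, so a block should be credited to the entropy pool only after it passes and discarded otherwise.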
