Re: [PATCH] random, Add user configurable get_bytes_random()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Prarit Bhargava <prarit@redhat.com>
To: "Theodore Ts'o" <tytso@mit.edu>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] random, Add user configurable get_bytes_random()
Date: Thu, 05 Sep 2013 11:08:28 -0400	[thread overview]
Message-ID: <52289E6C.8090301@redhat.com> (raw)
In-Reply-To: <20130905144818.GA23661@thunk.org>



On 09/05/2013 10:48 AM, Theodore Ts'o wrote:
> On Thu, Sep 05, 2013 at 08:18:44AM -0400, Prarit Bhargava wrote:
>> The current code has two exported functions, get_bytes_random() and
>> get_bytes_random_arch().  The first function only calls the entropy
>> store to get random data, and the second only calls the arch specific
>> hardware random number generator.
>>
>> The problem is that no code is using the get_bytes_random_arch() and switching
>> over will require a significant code change.  Even if the change is
>> made it will be static forcing a recompile of code if/when a user has a
>> system with a trusted random HW source.  A better thing to do is allow
>> users to decide whether they trust their hardare random number generator.
> 
> I fail to see the benefit of just using the hardware random number
> generator.  We are already mixing in the hardware random number
> generator into the /dev/random pool, and so the only thing that using

The issue isn't userspace /dev/random as much as it is the use of
get_random_bytes() through out the kernel.  Switching to get_random_bytes_arch()
is a search'n'replace on the entire kernel.  If a user wants the faster random
HW generator why shouldn't they be able to use it by default?

P.

next prev parent reply	other threads:[~2013-09-05 15:08 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-05 12:18 [PATCH] random, Add user configurable get_bytes_random() Prarit Bhargava
2013-09-05 14:48 ` Theodore Ts'o
2013-09-05 15:08   ` Prarit Bhargava [this message]
2013-09-05 19:03     ` Theodore Ts'o
2013-09-05 19:49       ` Theodore Ts'o
2013-09-06 12:08         ` Prarit Bhargava
2013-09-06 13:57           ` Theodore Ts'o
2013-09-12 17:40             ` Jörn Engel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52289E6C.8090301@redhat.com \
    --to=prarit@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.