From: Stephan Mueller <smueller@chronox.de>
To: Pavel Machek <pavel@ucw.cz>
Cc: Ted Tso <tytso@mit.edu>,
herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, sandyinchina@gmail.com
Subject: Re: [RFC][PATCH 0/6] /dev/random - a new approach
Date: Mon, 25 Apr 2016 07:12:02 +0200 [thread overview]
Message-ID: <2786389.45NX5QFsAJ@positron.chronox.de> (raw)
In-Reply-To: <20160424212459.GA4725@amd>
Am Sonntag, 24. April 2016, 23:25:00 schrieb Pavel Machek:
Hi Pavel,
> > /* This RNG does not work if no high-resolution timer is available */
> > BUG_ON(!random_get_entropy() && !random_get_entropy());
>
> Heh, does this cause BUG() with 2^-64 probability? :-).
No, but for the listed arches, get_cycles would return 0. And I only call the
function twice to not be tripped by a potential wrap around at the time of
calling.
>
> > If there is no high-resolution timer, the LRNG will not produce good
> > entropic random numbers. The current kernel code implements
> > high-resolution timers for all but the following architectures where
> > neither random_get_entropy nor
> > get_cycles are implemented:
> Ok, what about stuff like Intel 486 (no RDTSC)?
>
> > Thus, for all large-scale architectures, the LRNG would be applicable.
> >
> > Please note that also the legacy /dev/random will have hard time to obtain
> > entropy for these environments. The majority of the entropy comes
> > from high-
>
> Understood.
>
> > Though, the patch I offer leaves the legacy /dev/random in peace for those
> > architectures to not touch the status quo.
>
> Well -- that's the major problem -- right? Makes it tricky to tell
> what changed, and we had two RNGs to maintain.
I would rather think that even the legacy /dev/random should not return any
values in those environments. The random numbers that are returned on these
systems are bogus, considering that the only noise source that could deliver
some entropy excluding timestamps (if you trust the user) are the HID event
values. And for those listed systems, I doubt very much that they are used in
a desktop environment where you have a console.
If everybody agrees, I can surely add some logic to make the LRNG working on
those systems. But those additions cannot be subjected to a thorough entropy
analysis. Yet I feel that this is wrong.
My goal with the LRNG is to provide a new design using proven techniques that
is forward looking. I am aware that the design does not work in circumstances
where the high-res timer is not present. But do we have to settle on the least
common denominator knowing that this one will not really work to begin with?
Ciao
Stephan
prev parent reply other threads:[~2016-04-25 5:12 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-21 9:11 [RFC][PATCH 0/6] /dev/random - a new approach Stephan Mueller
2016-04-21 9:12 ` [PATCH 1/6] crypto: DRBG - externalize DRBG functions for LRNG Stephan Mueller
2016-04-21 9:13 ` [PATCH 2/6] random: conditionally compile code depending on LRNG Stephan Mueller
2016-04-21 9:13 ` [PATCH 3/6] crypto: Linux Random Number Generator Stephan Mueller
2016-04-21 9:14 ` [PATCH 4/6] crypto: LRNG - enable compile Stephan Mueller
2016-04-21 9:14 ` [PATCH 5/6] crypto: LRNG - hook LRNG into interrupt handler Stephan Mueller
2016-04-21 9:16 ` [PATCH 6/6] hyperv IRQ handler: trigger LRNG Stephan Mueller
2016-04-21 13:03 ` [RFC][PATCH 0/6] /dev/random - a new approach Nikos Mavrogiannopoulos
2016-04-21 13:09 ` Stephan Mueller
2016-04-21 15:16 ` Stephan Mueller
2016-04-25 7:55 ` Nikos Mavrogiannopoulos
2016-04-25 8:02 ` Stephan Mueller
2016-04-25 8:23 ` Nikos Mavrogiannopoulos
2016-04-26 1:11 ` Theodore Ts'o
2016-05-03 13:57 ` Nikos Mavrogiannopoulos
2016-05-03 14:48 ` tytso
2016-05-03 16:20 ` Nikos Mavrogiannopoulos
2016-05-03 15:01 ` Austin S. Hemmelgarn
2016-04-22 2:51 ` Theodore Ts'o
2016-04-22 4:59 ` Stephan Mueller
2016-04-22 13:09 ` Sandy Harris
2016-04-24 15:21 ` Pavel Machek
2016-04-24 17:32 ` Stephan Mueller
2016-04-24 21:25 ` Pavel Machek
2016-04-25 5:12 ` Stephan Mueller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2786389.45NX5QFsAJ@positron.chronox.de \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pavel@ucw.cz \
--cc=sandyinchina@gmail.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).