From: Michael Buesch <mb@bu3sch.de>
To: Paul Wouters <paul@xelerance.com>
Cc: linux-kernel@vger.kernel.org, Gabor Gombas <gombasg@sztaki.hu>,
fedora-xen@redhat.com
Subject: Re: more random device badness in 2.6.18 :(
Date: Wed, 11 Oct 2006 00:05:54 +0200
Message-ID: <200610110005.54322.mb@bu3sch.de>
In-Reply-To: <Pine.LNX.4.63.0610102334470.27986@tla.xelerance.com>

On Tuesday 10 October 2006 23:50, Paul Wouters wrote:
> On Tue, 10 Oct 2006, Michael Buesch wrote:
>
> > > > Why should Openswan touch /dev/hw_random directly?
> > >
> > > Because using /dev/random while /dev/hw_random is available does not always
> > > work (eg with padlock)
> >
> > Oh, wait wait. I don't really understand your sentence.
> > Why can't you use /dev/random?
>
> We have noticed in the past that on VIA's with the padlock, that
> /dev/random stopped working when hw_random got loaded, while we could
> get random from /dev/hw_random. So we assumed that was the design.

This would be a bug. But I have no idea how this could happen.

> If only a single process should ever touch a device, I wonder why it is
> a device visible to all of userland.

Oh, well. Why do we have /dev/hda, if touching it creates a damn mess. ;)
The device node is there so userspace can access it. Yes. You can read
random data from /dev/hw_random. No problem, really, if you are aware
that there is _NO_ guarantee that the data returned is _really_ random.
It may just return 0xFFFFFFFF for some broken piece of overheated (or
something else) hardware.

So the suggested way to use /dev/hw_random is to let rngd access it and
put the data back into the kernel entropy buffers after verifying it.

--
Greetings Michael.
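
The kind of verification the message refers to, as an added example that is not part of the original message and is not rngd's code: a check of one 20,000-bit block from a hardware RNG with two FIPS 140-2 statistical tests (monobit and long run), which rejects the stuck-at-0xFFFFFFFF failure described above. The choice of these two tests, the function names and the sample buffer are assumptions of this example; passing them only rules out gross hardware failure and does not show the data is random.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK_BYTES 2500   /* 20,000 bits, the FIPS 140-2 test block size */

enum rng_verdict { RNG_OK = 0, RNG_FAIL_MONOBIT, RNG_FAIL_LONGRUN };

/* Monobit: the count of 1 bits must lie strictly between 9725 and 10275.
 * Long run: no run of identical bits may be 26 bits or longer. */
enum rng_verdict check_block(const unsigned char *buf)
{
    unsigned ones = 0, run = 0, longest = 0;
    int prev = -1;

    for (size_t i = 0; i < BLOCK_BYTES; i++) {
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += (unsigned)bit;
            run = (bit == prev) ? run + 1 : 1;
            if (run > longest) longest = run;
            prev = bit;
        }
    }
    if (ones <= 9725 || ones >= 10275) return RNG_FAIL_MONOBIT;
    if (longest >= 26) return RNG_FAIL_LONGRUN;
    return RNG_OK;
}

/* Reads one block from the given device node and checks it.
 * Returns an rng_verdict value, or -1 on open/short-read error. */
int check_device(const char *path)
{
    unsigned char buf[BLOCK_BYTES];
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return got == sizeof buf ? (int)check_block(buf) : -1;
}

int main(int argc, char **argv)
{
    unsigned char stuck[BLOCK_BYTES];
    memset(stuck, 0xFF, sizeof stuck);  /* constructed sample: stuck-at-ones hardware */
    printf("stuck-at-ones sample: verdict %d\n", (int)check_block(stuck));
    if (argc > 1)                       /* device path is supplied by the user */
        printf("%s: verdict %d\n", argv[1], check_device(argv[1]));
    return 0;
}
```

A program that consumes the hardware device directly would have to run a check like this on every block it reads, which is the work rngd already does before data reaches the kernel pool.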