Re: [RFC] frandom - fast random generator module

[Jeff Garzik]

Andreas Dilger wrote:
> Actually, there are several applications of low-cost RNG inside the kernel.
>
> For Lustre we need a low-cost RNG for generating opaque 64-bit handles in
> the kernel.  The use of get_random_bytes() showed up near the top of
> our profiles and we had to invent our own low-cost crappy PRNG instead (it's
> good enough for the time being, but when we start working on real security
> it won't be enough).
>
> The tcp sequence numbers probably do not need to be crypto-secure (I could
> of course be wrong on that ;-) and with GigE or 10GigE I imagine the number
> of packets being sent would put a strain on the current random pool.


We don't need "low cost RNG" and "high cost RNG" in the same kernel. 
That just begs a "reduce RNG cost" solution...  I think security experts 
can easily come up with arguments as to why creating your own "low-cost 
crappy PRNG" isn't needed -- you either need crypto-secure, or you 
don't.  If you don't, then you could just as easily create an ascending 
64-bit number for your opaque filehandle, or use a hash value, or some 
other solution that doesn't require an additional PRNG in the kernel.

For VIA CPUs, life is easy.  Use xstore insn and "You've got bytes!"  :)

	Jeff



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/