Re: [PATCH] API for true Random Number Generators to add entropy(2.6.11)

[folkert]

> > For joe-user imho it's better to do a check from a cronjob once a day. But for
> > high demand security, maybe make it pluggable? Like that a user can plug-in some
> > module which does the testing? Then you can have several kinds of tests
> > depending on your needs.
> In my old 2.4 patch there was a sysctl to turn off the kernel reseeding.
> If you turn it off you can do it in user space. That might be
> an option for the clinical paranoid. 
> BTW what do you do when the FIPS test fails? I dont see a good fallback
> path for this case.

Send a message to klogd and let read() block untill the test no longer fails.


Folkert van Heusden

Auto te koop! Zie: http://www.vanheusden.com/daihatsu.php
Op zoek naar een IT of Finance baan? Mail me voor de mogelijkheden!
+------------------------------------------------------------------+
|UNIX admin? Then give MultiTail (http://vanheusden.com/multitail/)|
|a try, it brings monitoring logfiles to a different level! See    |
|http://vanheusden.com/multitail/features.html for a feature list. |
+------------------------------------------= www.unixsoftware.nl =-+
Phone: +31-6-41278122, PGP-key: 1F28D8AE
Get your PGP/GPG key signed at www.biglumber.com!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/