Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)

[Herbert Xu]

On Tue, Mar 29, 2005 at 12:21:04PM +0200, Pavel Machek wrote:
> 
> What catastrophic consequences? Noone is likely to even *notice*, and
> it does not help practical attack at all. Unless hardware RNGs are
> *very* flakey (like, more flakey than harddrives), this is not a problem.

The reason some people use hardware RNGs in the first place is because
they don't trust the software RNGs.  When the hardware RNG fails but
continues to send data to /dev/random, /dev/random essentially degenerates
into a software RNG.  Now granted /dev/random is a pretty good software
RNG, however, for some purposes it just isn't good enough.

Otherwise we can just do away with it and always use /dev/urandom.

Someone else raised the example of Casinos using hardware RNGs.  Some
of them are doing this to comply with government regulation.  In that
case, using data from the software RNG when the hardware has failed
would be violating the law.

> I can assure you that failing hdd will have more catastrophic
> consequences.

That's we have things like RAID and backups.
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/