Re: [PATCH] API for true Random Number Generators to add entropy(2.6.11)

[Jeff Garzik]

Bill Davidsen wrote:
> Herbert Xu wrote:
>
> > You missed the point.  This has nothing to do with the crypto API.
> > Jeff is saying that if this is disabled by default, then only a few
> > users will enable it and therefore use this API.
> >
> > Since we can't afford to enable it by default as hardware RNG may
> > fail which can lead to catastrophic consequences, there is no point
> > for this API at all.
>
>
> Wait a minute, if it fails the system drops back to software, which is 
> not as good in a pedantic analysis, but perhaps falls a good bit short 
> of "catastrophic consequences" as most people would characterize that 
> phrase. And more to the point, now that many CPUs and chipsets are the 
> RNG of choice, what is the actual probability of a failure of the RNG 
> leaving a functional system (that's a real question seeking response 
> from someone who has some actual data).

As I've said, in the past the Intel RNGs in particular -have- failed, 
but the rest of the system keeps on working just fine.

It probably depends on the hardware implementation; I think the Intel 
RNG was based on a thermal diode, or somesuch.

In the cases where an RNG has failed in the past, the system has worked 
as expected:  rngd stopped feeding data into the entropy pool.

If the VIA RNG (on-CPU) fails, that's probably indicative of a larger 
problem, though.

	Jeff


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/