Re: [PATCH] avoid entropy starvation due to stack protection

[Theodore Ts'o]

On Fri, Dec 21, 2012 at 09:07:35PM +0100, OndÅej BÃlka wrote:
> I was suggesting in another thread different approach.
> 
> Use AES-based cryptographic random number generator as replacement of 
> /dev/urandom. Reseeding would get done by changing both aes key and
> data.
> 
> This would with hardware support make /dev/urandom much faster than its now.

You can do this in userspace.  And in fact, if you need huge numbers
of random session keys, such as in a Kerberos KDC or an IPSEC IKE
daemon, that's what I would recommand (and what most of them do
already).

The original goal and intent for /dev/random was really for long-term
keys where we are trying to leverage randomness available from
hardware, which only the kernel would be able to collect.  It was not
intended as a high speed random number generator; the best use of it
is either for the generation of a long-term public key, or other
secret (such as a Kerberos master key), or to seed a cryptographic
random number generator which then operates in userspace.

If you need speed, then by all means, use a cryptographic random
number generator in userspace, or if it's for a monte carlo simulator,
use a good userspace PRNG.

						- Ted






--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/