Re: drivers/char/random.c needs a (new) maintainer

From: Jason A. Donenfeld
Date: Wed Dec 23 2020 - 09:34:07 EST

Next message: Heikki Krogerus: "[PATCH] ACPI / scan: Don't create platform device for INT3515 ACPI nodes"
Previous message: Steen Hegelund: "Re: [RFC PATCH v2 8/8] arm64: dts: sparx5: Add the Sparx5 switch node"
In reply to: Petr Tesarik: "Re: drivers/char/random.c needs a (new) maintainer"
Next in thread: Stephan Mueller: "Re: drivers/char/random.c needs a (new) maintainer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 23, 2020 at 3:17 PM Petr Tesarik <ptesarik@xxxxxxx> wrote:
> Upfront, let me admit that SUSE has a vested interest in a FIPS-certifiable Linux kernel.

Sorry, but just because you have a "vested interest", or a financial
interest, or because you want it does not suddenly make it a good
idea. The idea is to have good crypto, not to merely check some boxes
for the bean counters.

For example, it's very unlikely that future kernel RNGs will move to
using AES, due to the performance overhead involved on non-table-based
implementations, and the lack of availability of FPU/AES-NI in all the
contexts we need. NT's fortuna machine can use AES, because NT allows
the FPU in all contexts. We don't have that luxury (or associated
performance penalty).

I would, however, be interested in a keccak-based construction. But
just using the keccak permutation does not automatically make it
"SHA-3", so we're back at the same issue again. FIPS is simply not
interesting for our requirements.

Jason

Next message: Heikki Krogerus: "[PATCH] ACPI / scan: Don't create platform device for INT3515 ACPI nodes"
Previous message: Steen Hegelund: "Re: [RFC PATCH v2 8/8] arm64: dts: sparx5: Add the Sparx5 switch node"
In reply to: Petr Tesarik: "Re: drivers/char/random.c needs a (new) maintainer"
Next in thread: Stephan Mueller: "Re: drivers/char/random.c needs a (new) maintainer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]