Re: [PATCH v6 0/5] /dev/random - a new approach
From: Stephan Mueller
Date: Wed Aug 17 2016 - 01:21:27 EST
Am Dienstag, 16. August 2016, 15:28:45 CEST schrieb H. Peter Anvin:
Hi Peter,
> >
> > There are two motivations for that:
> >
> > - the current /dev/random is compliant to NTG.1 from AIS 20/31 which
> > requires (in brief words) that entropy comes from auditible noise
> > sources. Currently in my LRNG only RDRAND is a fast noise source which is
> > not auditible (and it is designed to cause a VM exit making it even
> > harder to assess it). To make the LRNG to comply with NTG.1, RDRAND can
> > provide entropy but must not become the sole entropy provider which is
> > the case now with that change.
> >
> > - the current /dev/random implementation follows the same concept with the
> > exception of 3.15 and 3.16 where RDRAND was not rate-limited. In later
> > versions, this was changed.
>
> I'm not saying it should be *sole*. I am questioning the value in
> limiting it, as it seems to me that it could only ever produce a worse
> result.
It is not about the limiting of the data. It is all about the entropy estimate
for those noise sources and how they affect the entropy estimator behind /dev/
random. If that fast noise source injects large amount of data but does not
increase the entropy estimator, it is of no concern.
Ciao
Stephan