[PATCH] API for true Random Number Generators to add entropy (2.6.11)

Pavel Machek pavel at ucw.cz
Tue Mar 29 10:18:16 UTC 2005


Hi!


> >>See the earlier discussion, when data validation was -removed- from the 
> >>original Intel RNG driver, and moved to userspace.
> >
> >I'm not arguing against userspace validation, but if data produced
> >_is_ cryptographically strong, why revalidate it again?
> 
> You cannot prove this without validating the data in software.
> 
> Otherwise, you are not handling the hardware-fault case.
> 
> It is foolish to presume that hardware always works correctly.  It is 
> -very- foolish to presume this, in cryptography.

We trust hardware, anyway. Like your disk *could* accidentally turn on
setuid bit on /bin/bash, and we do not insist on userspace
disk-validator.

I do not think paranoia about random generators is necessary. If
vendor provides you with random generator, it should be ok to just use
it. [Did anyone see failing hw random generator, *at all*?] I can
provide you with plenty of failing hdds....
								Pavel
-- 
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!

