diff options
| author | Theodore Ts'o <tytso@mit.edu> | 2014-07-17 13:27:30 +0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2014-08-06 00:41:50 +0400 |
| commit | 48d6be955a7167b0d0e025ae6c39e795e3544499 (patch) | |
| tree | c6e3ebc786fbb45072fbda6a8c55e91aa17aaf95 /drivers/crypto/ccp/ccp-pci.c | |
| parent | c6e9d6f38894798696f23c8084ca7edbf16ee895 (diff) | |
| download | linux-48d6be955a7167b0d0e025ae6c39e795e3544499.tar.xz | |
random: limit the contribution of the hw rng to at most half
For people who don't trust a hardware RNG which can not be audited,
the changes to add support for RDSEED can be troubling since 97% or
more of the entropy will be contributed from the in-CPU hardware RNG.
We now have a in-kernel khwrngd, so for those people who do want to
implicitly trust the CPU-based system, we could create an arch-rng
hw_random driver, and allow khwrng refill the entropy pool. This
allows system administrator whether or not they trust the CPU (I
assume the NSA will trust RDRAND/RDSEED implicitly :-), and if so,
what level of entropy derating they want to use.
The reason why this is a really good idea is that if different people
use different levels of entropy derating, it will make it much more
difficult to design a backdoor'ed hwrng that can be generally
exploited in terms of the output of /dev/random when different attack
targets are using differing levels of entropy derating.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'drivers/crypto/ccp/ccp-pci.c')
0 files changed, 0 insertions, 0 deletions