Re: [PATCH] random: mix in architectural randomness in extract_buf()

From: H. Peter Anvin
Date: Fri Jul 27 2012 - 22:49:51 EST


On 07/27/2012 07:39 PM, Theodore Ts'o wrote:
> Ok, I'll add this patch to the random tree. I've modified the commit
> message a bit since the speed advertisement of RDRAND is rather
> pointless --- processes aren't generating session keys or long term
> keys at a high rate, and programs can't count on /dev/random being
> super fast and having unlimited entropy, since for most platforms and
> even most x86 CPUs deployed in service today, this isn't true --- and
> making your userspace program depend upon /dev/random in such a way
> that it only works on Ivy Bridge CPUs might be good for Intel from a
> vendor lock-in perspective, but it's really bad, non-portable
> programming style.
>
> Also, in the future arch_get_random_long() will almost certainly be
> hooked up for other architectures, so putting an extended
> advertisement for RDRAND really isn't appropriate.

Thanks. /dev/random vs /dev/urandom is orthogonal to this; as you note we still haven't changed the entropy accounting. I am thinking that that is probably better left to rngd at least until RDSEED is available (or the equivalent on other hardware.)

-hpa


--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
