Re: [PATCH] random, Add user configurable get_bytes_random()

[Theodore Ts'o]

On Thu, Sep 05, 2013 at 08:18:44AM -0400, Prarit Bhargava wrote:
> The current code has two exported functions, get_bytes_random() and
> get_bytes_random_arch().  The first function only calls the entropy
> store to get random data, and the second only calls the arch specific
> hardware random number generator.
> 
> The problem is that no code is using the get_bytes_random_arch() and switching
> over will require a significant code change.  Even if the change is
> made it will be static forcing a recompile of code if/when a user has a
> system with a trusted random HW source.  A better thing to do is allow
> users to decide whether they trust their hardare random number generator.

I fail to see the benefit of just using the hardware random number
generator.  We are already mixing in the hardware random number
generator into the /dev/random pool, and so the only thing that using
only the HW source is to make the kernel more vulnerable to an attack
where the NSA leans on a few Intel employee and forces/bribes them to
make a change such that the last step in the RDRAND's AES whitening
step is changed to use a counter plus a AES key known by the NSA.

     		       	 	      - Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/