Re: TPMs and random numbers

From: Theodore Ts'o
Date: Thu Sep 12 2013 - 22:14:21 EST

Next message: Jingoo Han: "[PATCH V2] mfd: timberdale: remove unnecessary pci_set_drvdata()"
Previous message: Lucas De Marchi: "Re: [RFC PATCH 1/1] module: Make wait module's refcount to zeroprocedure as async"
In reply to: JÃrn Engel: "Re: TPMs and random numbers"
Next in thread: JÃrn Engel: "Re: TPMs and random numbers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 12, 2013 at 06:23:09PM -0400, Jörn Engel wrote:
> It is worse in three ways:
> - it costs performance,
> - it may create a false sense of safety and
> - it actively does harm if we credit it as entropy.
>
> How much weight you assign to each of those is up to you. So long as
> we don't credit any of it as entropy, I am not too adverse to mixing
> it in. But I can equally see benefit in burning the bridges.

Well, mixing it in and using /dev/[u]random is certainly better than
blindly using the output from the RNG from the TPM directly as a
key.

I'm not sure what you mean by "burning the bridges"; what is the
alternative that you are suggesting?

- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jingoo Han: "[PATCH V2] mfd: timberdale: remove unnecessary pci_set_drvdata()"
Previous message: Lucas De Marchi: "Re: [RFC PATCH 1/1] module: Make wait module's refcount to zeroprocedure as async"
In reply to: JÃrn Engel: "Re: TPMs and random numbers"
Next in thread: JÃrn Engel: "Re: TPMs and random numbers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]