[cryptography] on using RDRAND [was: Entropy improvement: haveged + rngd together?]
smueller at chronox.de
Sun Dec 1 07:47:23 EST 2013
On Friday, 29 November 2013, 19:05:00, coderman wrote:
> On Fri, Nov 29, 2013 at 4:54 PM, coderman <coderman at gmail.com> wrote:
> > ...
> > 0. "extract_buf() - 'If we have a architectural hardware random number
> > generator [ED.: but only RDRAND], mix that in, too.'"
> > vers/char/random.c#n1038
> hopefully my last mea culpa,
> but the issue above is fully resolved in latest linux git; Theodore
> Ts'o's work to harden the entropy system in Linux should be commended.
> the less better version directly xors RDRAND with the pool output
> before handing back to consumer.
> see v3.12 or earlier:
> which looks like this:
This code has been in since 3.4 or so. IIRC, the code you mentioned never
appeared in a final kernel tree.
| Cui bono? |