[cryptography] Kernel space vs userspace RNG

Kevin kevinsisco61784 at gmail.com
Thu May 5 14:13:06 EDT 2016


I personally feel that this is overkill.  However, it is always a good 
idea to cover all of your bases so I would never say that it's a bad 
idea.  One can never be too secure!


On 5/5/2016 5:40 AM, shawn wilson wrote:
>
> Just reflecting on the Linux RNG thread a bit ago, is there any 
> technical reason to have RNG in kernel space? There are things like 
> haveged which seem to work really well and putting or changing code in 
> any kernel can be a bit of a battle (as it should be with code as 
> complex as that involving crypto - wouldn't want people missing an 
> exploit your new system exposes and accepting it*). So I wonder what 
> the gain is for putting RNGs in the kernel.
>
> The only argument I can think of against this is non-technical - if 
> you rely on users to pick their RNG implementation, they are liable to 
> get it wrong. This may be valid but I'm still curious about the 
> technical reasons for RNG in kernel space.
>
> Also, if kernel space is really necessary, I'd think publishing as a 
> dkms type package would gain more traction for getting into mainline 
> (but this is probably OT here)
>
> * Obviously that same argument can be made of userspace programs but 
> I'd much prefer my exploits happen at a less privileged ring whenever 
> possible :)
>


