[openFATE 306591] entropy daemons in 11.2
Feature added by: Brandon Philips (philipsb) Feature #306591, revision 1 Title: entropy daemons in 11.2 openSUSE-11.2: Unconfirmed Priority Requester: Important Requested by: Brandon Philips (philipsb) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Andreas Jaeger (a_jaeger) Feature #306591, revision 2 Title: entropy daemons in 11.2 - openSUSE-11.2: Unconfirmed + openSUSE-11.2: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall + Discussion: + #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) + This looks to me like a feature where some volunteer could package this + in the build service. Any takers? -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Brandon Philips (philipsb) Feature #306591, revision 3 Title: entropy daemons in 11.2 openSUSE-11.2: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every - input point to the kernel's entropy pool needs to better - document the - type of entropy source it actually is. This will be replaced - with + input point to the kernel's entropy pool needs to better document the + type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? + #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) + I forgot to note that a solution like this will eventually be needed in + SLES too. See FATE#305944 -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Stephan Kulow (coolo) Feature #306591, revision 4 Title: entropy daemons in 11.2 - openSUSE-11.2: Evaluation + openSUSE-11.2: Rejected by Stephan Kulow (coolo) + reject date: 2009-08-12 11:35:35 + reject reason: too late for 11.2, I open it for 11.3 because it came + rather late and so the 1 vote only is a bit unfair Priority Requester: Important + openSUSE-11.3: Evaluation + Priority + Requester: Important Requested by: Brandon Philips (philipsb) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Frank A (franka8) Feature #306591, revision 6 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important openSUSE-11.3: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 + #3: Frank A (franka8) (2009-11-06 13:15:55) + remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & + netbooks, featuring an on-die industrial grade PRNG random source. It + will be difficult to beat it's effiency & quality, which is already + scrutinized by independent researchers. -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Robert Davies (robopensuse) Feature #306591, revision 9 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important openSUSE-11.3: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 #3: Frank A (franka8) (2009-11-06 13:15:55) remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat it's effiency & quality, which is already scrutinized by independent researchers. + #4: Robert Davies (robopensuse) (2009-12-07 18:52:00) + Done a little pilot work on this - have asked for comments on mail list + http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Bruno Friedmann (bruno_friedmann) Feature #306591, revision 10 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important openSUSE-11.3: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 #3: Frank A (franka8) (2009-11-06 13:15:55) remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat it's effiency & quality, which is already scrutinized by independent researchers. #4: Robert Davies (robopensuse) (2009-12-07 18:52:00) Done a little pilot work on this - have asked for comments on mail list http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html + #5: Bruno Friedmann (bruno_friedmann) (2010-05-09 00:03:09) + there's some sort of in obs now ( I'm using entropy_timer for a foreign + server ) + allowing a constant ~4K of entropy, without this entropy could goes + down to <100. + webpin could drive you to the mentionned package. + I'm agree with Franka8 comment, if hardware source exist it would be + better. But having some capable daemon is a sort of fault back, and is + better than nothing + -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Pavol Rusnak (prusnak) Feature #306591, revision 12 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important openSUSE-11.3: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 #3: Frank A (franka8) (2009-11-06 13:15:55) remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat it's effiency & quality, which is already scrutinized by independent researchers. #4: Robert Davies (robopensuse) (2009-12-07 18:52:00) Done a little pilot work on this - have asked for comments on mail list http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html #5: Bruno Friedmann (bruno_friedmann) (2010-05-09 00:03:09) there's some sort of in obs now ( I'm using entropy_timer for a foreign server ) allowing a constant ~4K of entropy, without this entropy could goes down to <100. webpin could drive you to the mentionned package. I'm agree with Franka8 comment, if hardware source exist it would be better. But having some capable daemon is a sort of fault back, and is better than nothing + #6: Pavol Rusnak (prusnak) (2010-05-10 01:38:48) + Packages are already in "security" project: + * audio-entropyd + * timer-entropyd + * video-entropyd + -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Cristian Rodríguez (elvigia) Feature #306591, revision 13 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important openSUSE-11.3: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 #3: Frank A (franka8) (2009-11-06 13:15:55) remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat it's effiency & quality, which is already scrutinized by independent researchers. #4: Robert Davies (robopensuse) (2009-12-07 18:52:00) Done a little pilot work on this - have asked for comments on mail list http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html #5: Bruno Friedmann (bruno_friedmann) (2010-05-09 00:03:09) there's some sort of in obs now ( I'm using entropy_timer for a foreign server ) allowing a constant ~4K of entropy, without this entropy could goes down to <100. webpin could drive you to the mentionned package. I'm agree with Franka8 comment, if hardware source exist it would be better. But having some capable daemon is a sort of fault back, and is better than nothing #6: Pavol Rusnak (prusnak) (2010-05-10 01:38:48) Packages are already in "security" project: * audio-entropyd * timer-entropyd * video-entropyd + #7: Cristian Rodríguez (elvigia) (2010-08-12 17:38:57) + Implemented in 11.4, haveged can be installed. -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Cristian Rodríguez (elvigia) Feature #306591, revision 14 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important openSUSE-11.3: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) + Developer: (Novell) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 #3: Frank A (franka8) (2009-11-06 13:15:55) remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat it's effiency & quality, which is already scrutinized by independent researchers. #4: Robert Davies (robopensuse) (2009-12-07 18:52:00) Done a little pilot work on this - have asked for comments on mail list http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html #5: Bruno Friedmann (bruno_friedmann) (2010-05-09 00:03:09) there's some sort of in obs now ( I'm using entropy_timer for a foreign server ) allowing a constant ~4K of entropy, without this entropy could goes down to <100. webpin could drive you to the mentionned package. I'm agree with Franka8 comment, if hardware source exist it would be better. But having some capable daemon is a sort of fault back, and is better than nothing #6: Pavol Rusnak (prusnak) (2010-05-10 01:38:48) Packages are already in "security" project: * audio-entropyd * timer-entropyd * video-entropyd #7: Cristian Rodríguez (elvigia) (2010-08-12 17:38:57) Implemented in 11.4, haveged can be installed. -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Bruno Friedmann (bruno_friedmann) Feature #306591, revision 15 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important openSUSE-11.3: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) Developer: (Novell) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 #3: Frank A (franka8) (2009-11-06 13:15:55) remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat it's effiency & quality, which is already scrutinized by independent researchers. #4: Robert Davies (robopensuse) (2009-12-07 18:52:00) Done a little pilot work on this - have asked for comments on mail list http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html #5: Bruno Friedmann (bruno_friedmann) (2010-05-09 00:03:09) there's some sort of in obs now ( I'm using entropy_timer for a foreign server ) allowing a constant ~4K of entropy, without this entropy could goes down to <100. webpin could drive you to the mentionned package. I'm agree with Franka8 comment, if hardware source exist it would be better. But having some capable daemon is a sort of fault back, and is better than nothing #6: Pavol Rusnak (prusnak) (2010-05-10 01:38:48) Packages are already in "security" project: * audio-entropyd * timer-entropyd * video-entropyd #7: Cristian Rodríguez (elvigia) (2010-08-12 17:38:57) Implemented in 11.4, haveged can be installed. + #8: Bruno Friedmann (bruno_friedmann) (2010-08-12 18:49:09) (reply to + #7) + Seems there also haveged available for 11.3 from this one + http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.3/ -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Bruno Friedmann (bruno_friedmann) Feature #306591, revision 16 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important openSUSE-11.3: Evaluation Priority Requester: Important Requested by: Brandon Philips (philipsb) Developer: (Novell) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 #3: Frank A (franka8) (2009-11-06 13:15:55) remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat it's effiency & quality, which is already scrutinized by independent researchers. #4: Robert Davies (robopensuse) (2009-12-07 18:52:00) Done a little pilot work on this - have asked for comments on mail list http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html #5: Bruno Friedmann (bruno_friedmann) (2010-05-09 00:03:09) there's some sort of in obs now ( I'm using entropy_timer for a foreign server ) allowing a constant ~4K of entropy, without this entropy could goes down to <100. webpin could drive you to the mentionned package. I'm agree with Franka8 comment, if hardware source exist it would be better. But having some capable daemon is a sort of fault back, and is better than nothing #6: Pavol Rusnak (prusnak) (2010-05-10 01:38:48) Packages are already in "security" project: * audio-entropyd * timer-entropyd * video-entropyd #7: Cristian Rodríguez (elvigia) (2010-08-12 17:38:57) Implemented in 11.4, haveged can be installed. #8: Bruno Friedmann (bruno_friedmann) (2010-08-12 18:49:09) (reply to #7) Seems there also haveged available for 11.3 from this one http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.3/ + #9: Bruno Friedmann (bruno_friedmann) (2010-08-12 20:54:55) (reply to #8) + forget to say also others distributions and version + http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.2 + http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.1 + :-) -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Cristian Rodríguez (elvigia) Feature #306591, revision 17 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important openSUSE-11.3: Evaluation Priority Requester: Important + openSUSE-11.4: Unconfirmed + Priority + Requester: Important Requested by: Brandon Philips (philipsb) Developer: (Novell) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 #3: Frank A (franka8) (2009-11-06 13:15:55) remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat it's effiency & quality, which is already scrutinized by independent researchers. #4: Robert Davies (robopensuse) (2009-12-07 18:52:00) Done a little pilot work on this - have asked for comments on mail list http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html #5: Bruno Friedmann (bruno_friedmann) (2010-05-09 00:03:09) there's some sort of in obs now ( I'm using entropy_timer for a foreign server ) allowing a constant ~4K of entropy, without this entropy could goes down to <100. webpin could drive you to the mentionned package. I'm agree with Franka8 comment, if hardware source exist it would be better. But having some capable daemon is a sort of fault back, and is better than nothing #6: Pavol Rusnak (prusnak) (2010-05-10 01:38:48) Packages are already in "security" project: * audio-entropyd * timer-entropyd * video-entropyd #7: Cristian Rodríguez (elvigia) (2010-08-12 17:38:57) Implemented in 11.4, haveged can be installed. #8: Bruno Friedmann (bruno_friedmann) (2010-08-12 18:49:09) (reply to #7) Seems there also haveged available for 11.3 from this one http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.3/ #9: Bruno Friedmann (bruno_friedmann) (2010-08-12 20:54:55) (reply to #8) forget to say also others distributions and version http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.2 http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.1 :-) -- openSUSE Feature: https://features.opensuse.org/306591
Feature changed by: Andreas Jaeger (a_jaeger) Feature #306591, revision 18 Title: entropy daemons in 11.2 openSUSE-11.2: Rejected by Stephan Kulow (coolo) reject date: 2009-08-12 11:35:35 reject reason: too late for 11.2, I open it for 11.3 because it came rather late and so the 1 vote only is a bit unfair Priority Requester: Important - openSUSE-11.3: Evaluation + openSUSE-11.3: Rejected by (a_jaeger) + reject date: 2010-10-06 16:08:07 + reject reason: not done. Priority Requester: Important - openSUSE-11.4: Unconfirmed + openSUSE-11.4: Done Priority Requester: Important Requested by: Brandon Philips (philipsb) Developer: (Novell) Description: Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the Kernel soon. One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here: * http://www.vanheusden.com/aed/ * http://www.vanheusden.com/ved/ * http://egd.sourceforge.net/ 11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read. The Kernel thread discussing this thread can be found here: http://lkml.org/lkml/2009/4/6/283 commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 What: IRQF_SAMPLE_RANDOM Check: IRQF_SAMPLE_RANDOM When: July 2009 Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy sources in the kernel's current entropy model. To resolve this, every input point to the kernel's entropy pool needs to better document the type of entropy source it actually is. This will be replaced with additional add_*_randomness functions in drivers/char/random.c Who: Robin Getz & Matt Mackall Discussion: #1: Andreas Jaeger (a_jaeger) (2009-07-09 15:59:11) This looks to me like a feature where some volunteer could package this in the build service. Any takers? #2: Brandon Philips (philipsb) (2009-07-09 20:36:27) I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944 #3: Frank A (franka8) (2009-11-06 13:15:55) remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat it's effiency & quality, which is already scrutinized by independent researchers. #4: Robert Davies (robopensuse) (2009-12-07 18:52:00) Done a little pilot work on this - have asked for comments on mail list http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html #5: Bruno Friedmann (bruno_friedmann) (2010-05-09 00:03:09) there's some sort of in obs now ( I'm using entropy_timer for a foreign server ) allowing a constant ~4K of entropy, without this entropy could goes down to <100. webpin could drive you to the mentionned package. I'm agree with Franka8 comment, if hardware source exist it would be better. But having some capable daemon is a sort of fault back, and is better than nothing - #6: Pavol Rusnak (prusnak) (2010-05-10 01:38:48) Packages are already in "security" project: * audio-entropyd * timer-entropyd * video-entropyd - #7: Cristian Rodríguez (elvigia) (2010-08-12 17:38:57) Implemented in 11.4, haveged can be installed. #8: Bruno Friedmann (bruno_friedmann) (2010-08-12 18:49:09) (reply to #7) Seems there also haveged available for 11.3 from this one http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.3/ #9: Bruno Friedmann (bruno_friedmann) (2010-08-12 20:54:55) (reply to #8) forget to say also others distributions and version http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.2 http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.1 :-) -- openSUSE Feature: https://features.opensuse.org/306591
participants (1)
-
fate_noreply@suse.de