Mailinglist Archive: opensuse-kernel (77 mails)

< Previous Next >
[opensuse-kernel] Re: [opensuse-factory] Fate #306591: entropy daemons in 11.2 - Kernel Removal IRQF_SAMPLE_RANDOM
  • From: Rob OpenSuSE <rob.opensuse.linux@xxxxxxxxxxxxxx>
  • Date: Thu, 10 Dec 2009 17:43:35 +0000
  • Message-id: <ce9d8ed60912100943v667e7e27v7c5a3885d090e6a8@xxxxxxxxxxxxxx>
2009/12/10 Marcus Meissner <meissner@xxxxxxx>:
On Mon, Dec 07, 2009 at 11:58:02AM +0000, Rob OpenSuSE wrote:
I have taken an interest in Fate #306591 Andreas Jaeger has mused on
community volunteer to package something.  Now, I took a look at few
suggestions, but 2 of them weren't "just work" in sense that they
required webcam or mic, which seems like a possible can of worms to

Most of the stuff running in the system is not a good enough random

Geting input from a true noise source would be more helpful, like
from TPMs.

Yes, perhaps if the kernel team have drivers for TPM & TRNG's their
high quality source of entropy could be incorporated. Unfortunately
any contribution I make on this feature, needs to be less ambitious if
I am to get a positive result in a reasonable amount of time.

Perhaps an ability to configure the daemon for reading from an SSL
socket, or a local device, for better entropy sources where they are
available, would allow incorporation of such sources? Mixed in with
clock jitter and system events, even a central daemon reading from CDR
of prepared random numbers, is likely to be a practical solution to
the problem, for a network of diskless hosts.

As it stands, yes, I could put a mic near my fan outlet, I can use a
webcam, but they have potential privacy concerns, in addition to being
in way of normal use of the machine. That's the core reason I'm
looking from the EGD system files and clock jitter angle at moment.

Thanks for the feedback, any attempt to provide entropy from user
space needs scrutiny due to the security implications

To unsubscribe, e-mail: opensuse-kernel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-kernel+help@xxxxxxxxxxxx

< Previous Next >