tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: rework kernel random number subsystem
>> [I]f working hardware RNG get auto-detached whenever a 1-in-10000
>> test trips, long-lived systems _will_ lose their RNGs.
> 1) Hardware RNGs are statistically tested only once [per boot] [...]
> So we are actually talking about a hardware RNG being incorrectly
> detached once per 10,000 system boots.
Ah. Yes, that's still not great, but probably better than risking
failed hardware going unnoticed. (I'd _like_ to see some way to
control this, even if a kernel compile option, but it really doesn't
make all that much difference to me.)
Of course, it introduces a new risk, that of hardware failing in
service and the failure not being noticed until next boot (which may be
quite a while off; I've seen systems with well over a year of uptime).
However, hardware RNGs are probably one of the less fragile pieces on
systems that have them....
> 2) This is considerably gentler than what the relevant standard
> requires, namely shutdown and restart of the entire cryptographic
> module -- in other words, a panic.
Agreed. It might be nice to have an option to behave that way, for
tick-list conformance if nothing else, but if whoever's doing it (you?)
doesn't want to bother implementing more than one reaction I'd prefer
the current way.
Again, it doesn't make a whole lot of difference to me.
> My thinking is that, again, with other sources of entropy for the
> pool (including entropy preserved across normal shutdown/restart
> cycles, which I will implement soon)
Hm. Saving entropy across reboots makes me uneasy but I haven't been
able to come up with any specific example of something it gets wrong,
at least not assuming the entropy-in-the-pool value is set to 0 even if
entropy is loaded at boot, and the pool is stirred before being saved.
I assume it's disableable?
> it is better to detach the hardware RNG, emit a warning, and continue
> to run, than to reboot the whole system. But perhaps this is wrong;
> after all, if the result is spurious, it should not happen again at
> the next boot -- and if it *does* happen repeatedly, perhaps most
> admins would prefer to *not* run the system without a hardware RNG in
> the long term.
Well, "continue to run" is a somewhat misleading phrasing if this
happens at hardware RNG attach time, since that will be boot time, not
after the system has been up for a while.
I also think that unconditionally panicking at boot time if the RNG
fails is possibly a bad idea; it makes it difficult-to-impossible to
boot manually and build a kernel with the RNG disabled. Of course, not
all admins will want to do that, but some will.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index