[onerng talk] Linux /dev/random changes on the way ...
Paul Campbell
paul at taniwha.com
Mon Feb 24 02:21:01 GMT 2020
On Monday, 24 February 2020 2:58:04 PM NZDT tmp543901 at buckeye-express.com wrote:
> Since 5.6 removes estimation of the pool size, there is no other way other
> than to inject/mix external entropy at some rate.
>
> Fixed rate entropy injection would work but a variable rate proportional to
> entropy read rate plus ceiling and floor would be better. A rough approximation
> of the entropy read rate would work and I don't see how it could negatively
> impact security since the state would still be black box. I don't think this
> is doable right now. As far as I know you can see what processes are accessing
> the entropy pools but you can't see how much entropy they are reading. This
> would probably require a patch.

I basically agree with this, we're sort of stuck with what we have at the
moment - I'm going to add something that adds to the pool at a configurable
rate, I'm also going to add a way to access OneRNG data directly, probably
through a unix domain socket /tmp/random or some such.

Paul
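
The rate policy discussed in this thread (proportional to an estimated read rate, with a floor and ceiling; a fixed rate is the case floor == ceiling), as an added sketch that is not part of the original message and not OneRNG's code. The device path `/dev/ttyACM0`, the `read_rate_fn` callback and the default limits are assumptions; `RNDADDENTROPY` and `struct rand_pool_info` are the kernel's own interface and need CAP_SYS_ADMIN.

```python
import fcntl
import struct
import time

RNDADDENTROPY = 0x40085203  # _IOW('R', 0x03, int[2]) from <linux/random.h>
MAX_CHUNK = 1016  # Python's fcntl.ioctl limits immutable args to 1024 bytes


def injection_rate(read_rate, ratio=1.0, floor=16, ceiling=512):
    """Bytes/second to inject: read_rate * ratio clamped to [floor, ceiling]."""
    if floor > ceiling:
        raise ValueError("floor must not exceed ceiling")
    return int(min(ceiling, max(floor, read_rate * ratio)))


def pack_pool_info(data, bits_per_byte=8):
    """Build struct rand_pool_info {int entropy_count; int buf_size; buf[]}."""
    if not 0 <= bits_per_byte <= 8:
        raise ValueError("credit must be 0..8 bits per byte")
    return struct.pack("ii", len(data) * bits_per_byte, len(data)) + data


def feed(source, pool_fd, read_rate_fn, tick=1.0, ticks=None,
         sleep=time.sleep, ioctl=fcntl.ioctl):
    """Each tick, read the budgeted bytes from `source` and mix them in.

    read_rate_fn is a hypothetical estimator of consumer demand in bytes/s;
    the kernel exposes no such figure, so returning 0 gives the floor rate.
    """
    total, n = 0, 0
    while ticks is None or n < ticks:
        want = min(MAX_CHUNK, int(injection_rate(read_rate_fn()) * tick))
        data = source.read(want)
        if data:
            ioctl(pool_fd, RNDADDENTROPY, pack_pool_info(data))
            total += len(data)
        sleep(tick)
        n += 1
    return total


if __name__ == "__main__":
    # Assumed hardware RNG device path; adjust for the actual system.
    with open("/dev/ttyACM0", "rb", buffering=0) as src, \
            open("/dev/random", "wb") as pool:
        feed(src, pool.fileno(), read_rate_fn=lambda: 0.0)
```

A plain `write()` to `/dev/random` would mix the same bytes in without crediting any entropy; the ioctl is what carries the credit.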