[linux-elitists] Re: Nehemiah crypto support in a Linux distro

James Cloos cloos+zgp-linux-elitists@jhcloos.com
Wed Oct 20 04:35:36 PDT 2004


>>>>> "Eugen" == Eugen Leitl <eugen@leitl.org> writes:

Eugen> Any adverse reactions if I load the module on boot, and just
Eugen> ln -s /dev/hw_random /dev/random ?

The idea behind using /dev/hwrandom (or /dev/hw_random) rather than
just /dev/random is that a usermode daemon can grab entropy from the
hw pool and mix it in to the main random pool.  

Of course, however you do it -- sym link, hard link, mknod, external
daemon -- there is a risk involved.

If you use a link or just:

 rm -f /dev/random && mknod /dev/random c 10 183

you run the risks of pathological failures in that single entropy
source, the module in question getting rmmod(8)ed, etc.

If you use a mixing daemon you run the risk of that daemon getting
kill(2)ed.

In the latter case, however, the only symptom is that some apps may
block.  Given that most apps only grab from /dev/random for a seed
for a (cryptographic)? prng, this is a much smaller risk than using
c 10 183 directly for everything.  

-JimC
-- 
James H. Cloos, Jr. <cloos@jhcloos.com> <http://jhcloos.com>
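
An added example, not part of the original post: a shell check an administrator could run to see whether a random device path is still the kernel's mixed pool or has been pointed straight at the hardware source, as the link and mknod variants discussed above would do. The function names are hypothetical; it assumes GNU stat, the standard Linux numbers for /dev/random (char 1,8) and /dev/urandom (char 1,9), and the c 10 183 node quoted in the post.

```shell
#!/bin/sh
# Added example: audit a random device node for direct hardware substitution.

# classify_devnum TYPE MAJOR MINOR  (decimal numbers) -> prints a verdict
classify_devnum() {
    case "$1:$2:$3" in
        c:1:8)    echo kernel-random ;;   # stock /dev/random, kernel-mixed pool
        c:1:9)    echo kernel-urandom ;;  # stock /dev/urandom
        c:10:183) echo hw-rng-direct ;;   # the hw_random node from the post
        *)        echo unexpected ;;
    esac
}

# audit_random_node PATH -> prints a verdict; exit status 0 only when PATH
# is the kernel's own /dev/random node.
audit_random_node() {
    path=$1
    # A symlink means reads go wherever the link points (e.g. /dev/hw_random).
    if [ -L "$path" ]; then
        echo symlink
        return 1
    fi
    if [ ! -c "$path" ]; then
        echo not-char-device
        return 1
    fi
    # GNU stat prints a device node's major and minor numbers in hex.
    set -- $(stat -c '%t %T' "$path")
    verdict=$(classify_devnum c "$((0x$1))" "$((0x$2))")
    echo "$verdict"
    [ "$verdict" = kernel-random ]
}
```

Calling `audit_random_node /dev/random` from a boot-time or monitoring script reports `hw-rng-direct` or `symlink` when the single-source setup is in place.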


