Question - seeding the hw pseudo random number generator
Stephan Müller
smueller at chronox.de
Thu Mar 23 04:35:56 PDT 2017
Am Donnerstag, 23. März 2017, 09:03:23 CET schrieb Harald Freudenberger:
Hi Harald,
> I'll have a look on it. Currently the s390/crypto/prng seeds itself with
> an algorithm based on the jitter of the very fine granular hardware
> clock of a s390 machine. There were some thoughts and measurements
> by an mathematician which let to this algorithm.
It takes a page and simply writes 512 times the high-res time stamp using
get_tod_clock_fast into it. Effectively it uses the same fundamental noise
source as the jitterentropy. (A couple of months ago I had to perform an
SP800-90B assessment on exactly that code path. :-) )
> However, long-term
> the s390 platform will provide some kind of true hardware random number
> generator and the idea is to use this for seeding the prng.
The question is just that it provides a device file nobody else provides. And
the question is whether to consolidate it. If it is a DRNG, the discussion is
about consolidating it behind AF_ALG. If it is an RNG with its own noise
source (i.e. it provides entropic data by itself), it should rather be placed
into drivers/char/hw_random and use the hw-random framework. This framework
will also ensure that it may seed the /dev/random device kernel-internally.
Ciao
Stephan
More information about the linux-arm-kernel
mailing list