Fixing getrandom()
Fixing getrandom()
Posted Sep 28, 2019 9:57 UTC (Sat) by dd9jn (✭ supporter ✭, #4459)Parent article: Fixing getrandom()
Using Stephan Müller's jitter based entropy generator inside the kernel is by any means the Right Thing to do - even if it is for now only a fallback. In Libgcrypt's Windows version we already use it because on Windows the JitterRNG is the only non-external-hardware RNG which has been approved by Germany's BSI for use in restricted communication at the VS-NfD level. On Linux getrandom has been evaluated as fine but nevertheless we mix some entropy from the JitterRNG into our own entropy pool. Right, we also use RDRAND in addition and that is technically okay. But because RDRAND can't be evaluated the evaluation of Libgcrypt assumes that RDRAND adds 0 bits of entropy to the pool.
Posted Sep 28, 2019 19:52 UTC (Sat)
by patrakov (subscriber, #97174)
[Link] (2 responses)
Posted Sep 28, 2019 20:38 UTC (Sat)
by joib (subscriber, #8541)
[Link]
(Though in my non-expert opinion, it seems having a jitter entropy generator in the kernel for supported targets would be the least bad approach of those discussed here. Those few that run unsupported targets are hopefully sufficiently clueful that they can use a hw RNG, haveged, or maybe they don't need early boot random numbers anyway.)
Posted Oct 2, 2019 0:54 UTC (Wed)
by mangix (guest, #126006)
[Link]
Fixing getrandom()
Fixing getrandom()
Fixing getrandom()