You Can Now Tell Linux At Boot-Time If You Don't Trust Your CPU Random Number Generator

    Phoronix: You Can Now Tell Linux At Boot-Time If You Don't Trust Your CPU Random Number Generator

    Covered on Phoronix back during the Linux 4.19 kernel merge window was the new option for distribution vendors or those compiling their own Linux kernel to decide whether you trust the CPU's random number generator. That compile-time functionality has now been re-worked to allow for a boot-time option so users can more easily indicate whether they trust their own processor's RNG...

    http://www.phoronix.com/scan.php?pag...Time-RNG-Trust

  • #2
    The safest bet still seems to be to use user input to generate entropy, especially if you have an Intel CPU.

    Edit: There are two parts to RNG, entropy source and the pseudo-random number generator to make more random numbers from the entropy. If the CPU is involved with either one, perhaps best to avoid both.
    Last edited by jpg44; 09-09-2018, 01:52 PM.

    • #3
      Originally posted by jpg44
      The safest bet still seems to be to use user input to generate entropy, especially if you have an Intel CPU.
      I imagine the absolute safest bet is to always use multiple sources of entropy. I may be a bit of a layman when it comes to Random Number Generators, but my understanding is that it's easy to add entropy but very difficult (or impossible) to remove it. So the more you add, the harder it is to guess - even if you know the exact state of some of the entropy used.

      • #4
        I of course trust the hardware random number generator (rdrand) as it is the randomest source of randomness, AFAIK it is the only REAL randomness source
        Last edited by davidbepo; 09-09-2018, 10:56 AM.

        • #5
          Yeah, right. Intel plants a hidden OS into their processors for decades and nobody bats an eye. But when a little talk about possible flawed random generators is whispered - everyone loses their mind.

          • #6
            Is this related to the little problem (waiting for 45 secs for random something - I had to install a separate program to solve it: haveged) I had after I installed the Kernel 4.17 on my Debian machine?

            • #7
              Originally posted by flux242
              Yeah, right. Intel plants a hidden OS into their processors for decades and nobody bats an eye. But when a little talk about possible flawed random generators is whispered - everyone loses their mind.
              I don't think it was ever hidden, its existence has always been known.

              • #8
                What's that old Goebbels saying, 'If you have nothing to hide, then you shouldn't mind it when I rape you.' Or maybe I'm thinking of Bill Burr.

                • #9
                  nordrand, kernel boot (2011)
                  https://git.kernel.org/pub/scm/linux...f288f78d713489

                  # CONFIG_HW_RANDOM is not set, build config (2006)
                  https://kernelnewbies.org/Linux_2_6_18#RNG
                  Last edited by latalante; 09-09-2018, 12:13 PM.
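
The boot-time controls named in the article and in post #9 can be checked on a running machine; the script below is an added example, not part of any post or of the kernel sources. The names `random.trust_cpu` and `CONFIG_RANDOM_TRUST_CPU` come from the 4.19 kernel rather than from this thread, and the `/boot/config-$(uname -r)` path is a distribution convention assumed here.

```shell
#!/bin/sh
# Added example: report how a 4.19-era x86 kernel treats the CPU RNG.
# $1 = kernel command line, $2 = CPU feature flags,
# $3 = build-time default (y, n or unknown)
cpu_rng_trust() (
    set -f                      # no globbing while splitting the command line
    cmdline=$1 flags=$2 trust=$3 nordrand=n
    for tok in $cmdline; do
        case $tok in
            nordrand) nordrand=y ;;
            random.trust_cpu=*)
                # The last valid occurrence overrides the build default.
                case ${tok#random.trust_cpu=} in
                    on|1|y*|Y*)  trust=y ;;
                    off|0|n*|N*) trust=n ;;
                esac ;;
        esac
    done
    has_rdrand=n
    case " $flags " in *" rdrand "*) has_rdrand=y ;; esac
    # nordrand is tested first: the kernel clears the rdrand flag when it is set.
    if   [ "$nordrand" = y ];   then echo disabled    # RDRAND not used at all
    elif [ "$has_rdrand" = n ]; then echo absent      # CPU offers no RDRAND
    elif [ "$trust" = y ];      then echo trusted     # credited at early boot
    elif [ "$trust" = n ];      then echo untrusted   # mixed in, not credited
    else                             echo unknown     # build default not found
    fi
)

# Collect the three inputs from the running system.
report_local() {
    flags=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2)
    default=unknown
    cfg=/boot/config-$(uname -r)          # assumed location of the build config
    if [ -r "$cfg" ]; then
        if grep -q '^CONFIG_RANDOM_TRUST_CPU=y' "$cfg"; then
            default=y
        else
            default=n
        fi
    fi
    cpu_rng_trust "$(cat /proc/cmdline)" "$flags" "$default"
}

# Constructed sample input (not taken from a real machine):
cpu_rng_trust "root=/dev/sda1 quiet random.trust_cpu=off" "fpu sse2 rdrand" y
# On a real machine, call: report_local
```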

                  • #10
                    Originally posted by jpg44
                    The safest bet still seems to be to use user input to generate entropy, especially if you have an Intel CPU.
                    That's far from safe, humans are notoriously bad at generating random input.
