Jivin Jeff Garzik lays it down ... ... > >If kernelspace can assist and driver _knows_ in advance that data > >produced is cryptographically strong, why not allow it directly > >access pools? > > A kernel driver cannot know in advance that the data from a hardware RNG > is truly random, unless the data itself is 100% validated beforehand.
You can also say that it cannot know that data written to /dev/random is truly random unless it is also validated ? For argument you could just run "cat < /dev/hwrandom > /dev/random" instead of using rngd. If /dev/random demands a level of randomness, shouldn't it enforce it ? If the HW is using 2 random sources, a non-linear mixer and a FIPS140 post processor before handing you a random number it would be nice to take advantage of that IMO. Cheers, Davidm -- David McCullough, [EMAIL PROTECTED] Ph:+61 7 34352815 http://www.SnapGear.com Custom Embedded Solutions + Security Fx:+61 7 38913630 http://www.uCdot.org - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/