[Openswan dev] Support for hardware random number generators

Vrabete, Brad brad.vrabete at intel.com
Wed Nov 19 11:42:02 EST 2008

Hi Paul,

That's exactly what I'm running now, but I'm concerned about performance:
rngd is running in the user space and all these user space to kernel (and
back) transfers are using processor time.  I was trying to find a way to use
a proper HW RNG (no streams of 0, FIPS compliant) without having to use
rngd. I know OCF adds that but the OCF function does not get called on a
system with a HD, due to the way Linux's entropy pool is filled (on every
disk access and/or interrupt). Any suggestions?

Are you using get_random_bytes in Openswan?

>-----Original Message-----
>From: Paul Wouters [mailto:paul at xelerance.com] 
>Sent: 19 November 2008 16:35
>To: Vrabete, Brad
>Cc: dev at openswan.org
>Subject: Re: [Openswan dev] Support for hardware random number 
>
>On Wed, 19 Nov 2008, Vrabete, Brad wrote:
>> I have noticed the support for /dev/hw_random has been dropped in the
>> last versions. What was the reason? Low quality of existing HW RNG?
>
>/dev/hw_random is not meant to be used directly. You must run
>rngd which reads /dev/hw_random, runs FIPS 140-2 tests and
>adds to /dev/random. So all applications should only use
>/dev/random itself.
>
>And yes, on certain intel/amd setups we got streams of zeros
>out of /dev/hw_random.
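
Added example, not part of the original thread and not rngd's source code: a C version of the per-block statistical check that the quoted reply says rngd runs on /dev/hw_random data before adding it to /dev/random. It covers the FIPS 140-2 monobit, poker and long-run tests on one 20,000-bit block (the runs test is not included); the function names and the three sample inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 2500   /* FIPS 140-2 statistical tests use 20,000-bit blocks */
enum { F_MONOBIT = 1, F_POKER = 2, F_LONGRUN = 4 };

/* Returns 0 if the block passes, otherwise a bitmask of the failed tests.
   Thresholds are the FIPS 140-2 ones; the runs test is left out here. */
unsigned fips_check(const uint8_t *buf)
{
    unsigned ones = 0, run = 0, longest = 0, fail = 0;
    double f[16] = {0}, sumsq = 0;
    int prev = -1;
    for (int i = 0; i < BLOCK; i++) {
        f[buf[i] >> 4]++; f[buf[i] & 15]++;    /* poker: 4-bit value counts */
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += bit;                           /* monobit: count of 1s */
            run = (bit == prev) ? run + 1 : 1;     /* current run length */
            if (run > longest) longest = run;
            prev = bit;
        }
    }
    for (int i = 0; i < 16; i++) sumsq += f[i] * f[i];
    double x = sumsq * 16.0 / 5000.0 - 5000.0;     /* poker statistic */
    if (ones <= 9725 || ones >= 10275) fail |= F_MONOBIT;
    if (x <= 2.16 || x >= 46.17)       fail |= F_POKER;
    if (longest >= 26)                 fail |= F_LONGRUN;
    return fail;
}

/* Constructed inputs, not captured from a device: 0 = stuck at zero,
   1 = byte counter 0,1,2,..., 2 = the same counter with a 4-byte dropout. */
unsigned check_sample(int kind)
{
    uint8_t buf[BLOCK] = {0};
    for (int i = 0; kind > 0 && i < BLOCK; i++) buf[i] = (uint8_t)i;
    if (kind == 2) memset(buf + 100, 0, 4);
    return fips_check(buf);
}

int main(void)
{
    printf("%u %u %u\n", check_sample(0), check_sample(1), check_sample(2));
    return 0;
}
```

The stuck-at-zero block fails all three tests and the 4-byte dropout is caught by the long-run test alone. The plain byte counter passes, which shows that these tests detect a failed source rather than a predictable one.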