[Openswan dev] Support for hardware random number generators
Paul Wouters
paul at xelerance.com
Wed Nov 19 15:12:48 EST 2008
On Wed, 19 Nov 2008, Vrabete, Brad wrote:

> That's exactly what I'm running now but I'm concerned about performance:
> rngd is running in the user space and all these user space to kernel (and
> back) transfers are using processor time. I was trying to find a way to use
> a proper HW RNG (no streams of 0, FIPS compliant) without having to use
> rngd.

You'd have to move FIPS compliance into the kernel. And Linus does not want
policy into the kernel....

> I know OCF adds that but the OCF function does not get called on a
> system with a HD, due to the way Linux's entropy pool is filled (on every
> disk access and/or interrupt). Any suggestions?

Perhaps OCF could get a hook to do this? David?

> Are you using get_random_bytes in Openswan?

That is used at various places, yes. (KLIPS, not sure about NETKEY, I don't
think it does)

Paul
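
Added example, not part of the original message and not code from rngd, OCF or Openswan: a C implementation of two of the FIPS 140-2 statistical tests (monobit and long run) of the kind rngd applies in user space to hardware RNG output before feeding it to the kernel pool, which is the check that rejects a "stream of 0". The function name, return codes and sample buffers are assumptions made for illustration; the poker and runs tests of the same suite are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIPS_BLOCK_BYTES 2500   /* FIPS 140-2 tests run on 20,000-bit blocks */

enum { FIPS_OK = 0, FIPS_FAIL_MONOBIT = 1, FIPS_FAIL_LONGRUN = 2 };

/* Returns a bitmask of the tests that one 2500-byte block failed. */
int fips_check_block(const uint8_t *buf)
{
    unsigned ones = 0, run = 0, longest = 0;
    int prev = -1, result = FIPS_OK;

    for (size_t i = 0; i < FIPS_BLOCK_BYTES; i++) {
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += (unsigned)bit;
            run = (bit == prev) ? run + 1 : 1;   /* extend or restart the run */
            if (run > longest)
                longest = run;
            prev = bit;
        }
    }
    /* Monobit test: the count of one bits must satisfy 9725 < ones < 10275. */
    if (ones <= 9725 || ones >= 10275)
        result |= FIPS_FAIL_MONOBIT;
    /* Long run test: any run of 26 or more identical bits fails the block. */
    if (longest >= 26)
        result |= FIPS_FAIL_LONGRUN;
    return result;
}

int main(void)
{
    uint8_t buf[FIPS_BLOCK_BYTES];

    /* Constructed input: a source stuck at zero. */
    memset(buf, 0x00, sizeof buf);
    printf("all zero block: %d\n", fips_check_block(buf));

    /* Constructed input: balanced bits with a 4-byte stuck-at-zero burst. */
    memset(buf, 0xAA, sizeof buf);
    memset(buf + 100, 0x00, 4);
    printf("short zero burst: %d\n", fips_check_block(buf));
    return 0;
}
```

A block filled with 0xAA passes both of these tests, which is why the full suite also includes the poker and runs tests.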