Re: FYI/RFC: early-rng-init-tools

To: Thorsten Glaser <tg@debian.org>, debian-devel@lists.debian.org, Philipp Kern <pkern@debian.org>
Subject: Re: FYI/RFC: early-rng-init-tools
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 25 Feb 2019 15:41:09 +0000
Message-id: <[🔎] 31d2e0049d32df55c9c30f1f9ea687a0b7b7714e.camel@decadent.org.uk>
In-reply-to: <[🔎] Pine.BSM.4.64L.1902242008490.19896@herc.mirbsd.org>
References: <[🔎] Pine.BSM.4.64L.1902241918320.19896@herc.mirbsd.org> <[🔎] 2a0c204c-f959-462c-57d6-4b19abbdb917@philkern.de> <[🔎] Pine.BSM.4.64L.1902242008490.19896@herc.mirbsd.org>

On Sun, 2019-02-24 at 20:10 +0000, Thorsten Glaser wrote:
> Hi Philipp,
> 
> >FTR this is supposedly fixed on the main architectures featuring an
> RNG
> >in the CPU by linux 4.19.20-1, which enabled RANDOM_TRUST_CPU. Which
> Ben
> 
> that’s what I referred to by…
> 
> >>• it does not use/add CPU RNG output where present
> >>  ‣ though Linux can now do that itself, some command-line flag…
> 
> … but that only helps if the CPU has such instructions,
[...]

Indeed, on x86 this requires the RDRAND instruction which Intel
introduced in 2011 (Ivy Bridge core) and AMD only implemented in 2015
(Excavator core).

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption]
would be development of an easy way to factor large prime numbers.
                                                           - Bill Gates

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- FYI/RFC: early-rng-init-tools
  - From: Thorsten Glaser <tg@debian.org>
- Re: FYI/RFC: early-rng-init-tools
  - From: Philipp Kern <pkern@debian.org>
- Re: FYI/RFC: early-rng-init-tools
  - From: Thorsten Glaser <tg@debian.org>

Prev by Date: Re: Salsa CI news
Next by Date: Re: FYI/RFC: early-rng-init-tools
Previous by thread: Re: FYI/RFC: early-rng-init-tools
Next by thread: Re: FYI/RFC: early-rng-init-tools
Index(es):
- Date
- Thread