On Wed, 07 Jun 2017, Stephan Müller wrote:
> Am Mittwoch, 7. Juni 2017, 00:19:10 CEST schrieb Henrique de Moraes Holschuh:
> > On that same idea, one could add an early_initramfs handler for entropy
> > data.
>
> Any data that comes from outside during the boot proc
On Tue, 06 Jun 2017, Theodore Ts'o wrote:
> It might be possible, for example, to store a cryptographic key in a
> UEFI boot-services variable, where the key becomes inaccessible after
> the boot-time services terminate. But you also need either a reliable
> time-of-day clock, or a reliable counte
On Tue, 09 Aug 2016, Jason Cooper wrote:
> Perhaps a /dev/hwrng[0-9] per rng? That would lend itself nicely to a
> sysfs interface for per device quality, rate, and enabled attributes.
> e.g. /sys/class/hw_random/hwrng0/{device/,quality,rate,enabled}
IMHO, this is mightly annoying to use from ins
On Tue, 09 Aug 2016, Stephan Mueller wrote:
> RHEL 7 and Fedora do not adjust it. So, shall we consider those rng-tools
> then
> broken (at least in those large distros)?
Might I humbly suggest that the kernel start providing some metatada
about the quality of the random source that userspace ca
On Thu, 24 Jul 2014, Theodore Ts'o wrote:
> On Thu, Jul 24, 2014 at 05:30:19PM -0300, Henrique de Moraes Holschuh wrote:
> > > I wouldn't add the error to the man page until we actually modify the
> > > kernel to add such a restriction.
> >
> > By then
On Thu, 24 Jul 2014, Theodore Ts'o wrote:
> On Thu, Jul 24, 2014 at 08:21:38AM -0700, Andy Lutomirski wrote:
> > > Should we add E to be able to deny access to GRND_RANDOM or
> > > some
> > > future extension ?
> >
> > This might actually be needed sooner rather than later. There are
> > program
On Thu, 24 Jul 2014, Theodore Ts'o wrote:
> ERRORS
> EINVAL An invalid flag was passed to getrandom(2)
>
> EFAULT buf is outside the accessible address space.
>
> EAGAIN The requested entropy was not available, and
> getentropy(2)
On Mon, 28 Oct 2013, Stephan Mueller wrote:
> If it is accepted that the CPU Jitter RNG delivers entropy, the latter
> update may now allow us to get rid of storing the seed file during
> shutdown and restoring it during the next boot sequence.
That's a 4096-bit safety net (uncredited entropy) w
On Thu, 05 Jul 2012, Johannes Goetzfried wrote:
> The register %rdx is written, but never read till the end of the encryption
> routine. Therefore let's delete the useless instruction.
Is it useless, or is it there to harden against some side-channel
attack?
--
"One disk to rule them all, One
On Thu, 25 Feb 2010, Mikael Pettersson wrote:
> > In the sha1_update() case I don't know whether the stack is recycled and
> > leaked - it may be dependent on the calling function, but isn't it
> > vulnerable?
>
> It's only vulnerable if the data leaks to a less trusted domain.
If it is anythi
Cc: [EMAIL PROTECTED] ?
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscrib
11 matches
Mail list logo
