diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2011-12-22 20:36:22 +0100 |
---|---|---|
committer | H. Peter Anvin <hpa@linux.intel.com> | 2011-12-30 01:49:45 +0100 |
commit | cf833d0b9937874b50ef2867c4e8badfd64948ce (patch) | |
tree | f2eb260e524387c6dce6de17b5c06ec0c34adef7 /crypto/twofish_common.c | |
parent | Linux 3.2-rc7 (diff) | |
download | linux-cf833d0b9937874b50ef2867c4e8badfd64948ce.tar.xz linux-cf833d0b9937874b50ef2867c4e8badfd64948ce.zip |
random: Use arch_get_random_int instead of cycle counter if avail
We still don't use rdrand in /dev/random, which just seems stupid. We
accept the *cycle*counter* as a random input, but we don't accept
rdrand? That's just broken.
Sure, people can do things in user space (write to /dev/random, use
rdrand in addition to /dev/random themselves etc etc), but that
*still* seems to be a particularly stupid reason for saying "we
shouldn't bother to try to do better in /dev/random".
And even if somebody really doesn't trust rdrand as a source of random
bytes, it seems singularly stupid to trust the cycle counter *more*.
So I'd suggest the attached patch. I'm not going to even bother
arguing that we should add more bits to the entropy estimate, because
that's not the point - I don't care if /dev/random fills up slowly or
not, I think it's just stupid to not use the bits we can get from
rdrand and mix them into the strong randomness pool.
Link: http://lkml.kernel.org/r/CA%2B55aFwn59N1=m651QAyTy-1gO1noGbK18zwKDwvwqnravA84A@mail.gmail.com
Acked-by: "David S. Miller" <davem@davemloft.net>
Acked-by: "Theodore Ts'o" <tytso@mit.edu>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Matt Mackall <mpm@selenic.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Diffstat (limited to 'crypto/twofish_common.c')
0 files changed, 0 insertions, 0 deletions