diff options
| author | FreeArtMan <dos21h@gmail.com> | 2021-06-21 22:16:22 +0100 |
|---|---|---|
| committer | FreeArtMan <dos21h@gmail.com> | 2021-06-21 22:16:22 +0100 |
| commit | 6183d8ffaafd4ab7ee11b5662ae22e815b3cf476 (patch) | |
| tree | c7d9da8d9ceb626554865914cd7dd99c780a4ea4 | |
| parent | 0ab4ab1ef46d6696243ce5a57a4008eebfde1b20 (diff) | |
| download | md-content-6183d8ffaafd4ab7ee11b5662ae22e815b3cf476.tar.gz md-content-6183d8ffaafd4ab7ee11b5662ae22e815b3cf476.zip | |
Update /dev/hwrng article
| -rw-r--r-- | md/writeup/kernel_dev_hwrng.md | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/md/writeup/kernel_dev_hwrng.md b/md/writeup/kernel_dev_hwrng.md index b5e496a..d632652 100644 --- a/md/writeup/kernel_dev_hwrng.md +++ b/md/writeup/kernel_dev_hwrng.md @@ -10,7 +10,14 @@ advice is to use /dev/hwrng as additional entropy source. Why we dont trust /dev/hwrng as random number source? There is some articles about HW random generators could be backdoored and could generate predictable values that why as we cant verify HW design as its not open sourced we choose not to trust it. -In general if you believe in HW random generator you can use it. +In general if you trust in HW random generators you can use them, but for security +you better not trust them as there is no way to verify on your side if there is no +backdoors, so use default secure linux implementation. + +First code example is introducing crypto subsystem of linux and how to use it, by +creating "random" generator that generates zeros. Second example is utilise Intel +builtin random generator and instruction __rdrand__. + ## Switching hardware rng |