-rw-r--r-- | md/writeup/kernel_dev_hwrng.md | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/md/writeup/kernel_dev_hwrng.md b/md/writeup/kernel_dev_hwrng.md index 9812d0f..104b522 100644 --- a/md/writeup/kernel_dev_hwrng.md +++ b/md/writeup/kernel_dev_hwrng.md @@ -2,7 +2,14 @@ ## Intro -/* Could be not random at all */ +There is hardware that are can generate "randomness". It can be accesed trought +/dev/hwrng device. Funnies part of hardware random generator it could generate +anything. That why need to verify that data comming from /dev/hwrng. Good +advice is to use /dev/hwrng as additional entropy source. Why we dont trust +/dev/hwrng as random number souce? There is some articles about HW random +generators could be backdoored and could generate predictable values that why +as we cant verify HW design as its not opensourced we choose not to trust it. +In general if you belive in HW random generator you can use it. ## Switching hardware rng @@ -29,7 +36,6 @@ zero-rng ## Testing /dev/hwrng -/* Say basic usage of rng-tools */ There couple of ways how you can test if data is "random" enought. There is standarts like FIPS 140-2 with have criterias to check if data source is pseudo-random. And there is couple of implementations of it. You can get |
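Review bot: In the "## Intro" hunk, the sentence "There is some articles about HW random generators could be backdoored" cites nothing; link the articles, or reduce the sentence to the argument the paragraph already makes, that the hardware design cannot be verified because it is not open source. The same paragraph says the data coming from /dev/hwrng needs to be verified, but output that is predictable to someone who knows the design can still pass statistical tests, so say that testing catches a broken generator rather than a backdoored one, which is the reason for using /dev/hwrng only as an additional entropy source. Typos to fix in the added lines: "are can", "accesed trought", "Funnies part", "comming", "souce", "belive".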
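Review bot: In the "## Testing /dev/hwrng" hunk, the placeholder "/* Say basic usage of rng-tools */" is deleted with nothing added in its place (the hunk is -29,7 +36,6), so the reminder is lost unless the rest of the section already shows rng-tools usage; if it does not, keep the placeholder or add the usage in this commit. The unchanged context line below it has "enought", "standarts" and "with have criterias", which could be fixed in the same pass.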