Diffstat (limited to 'md/writeup')
-rw-r--r-- | md/writeup/kernel_dev_hwrng.md | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/md/writeup/kernel_dev_hwrng.md b/md/writeup/kernel_dev_hwrng.md index 104b522..5e903a7 100644 --- a/md/writeup/kernel_dev_hwrng.md +++ b/md/writeup/kernel_dev_hwrng.md @@ -2,14 +2,14 @@ ## Intro -There is hardware that are can generate "randomness". It can be accesed trought +There is hardware that are can generate "randomness". It can be accessed trough /dev/hwrng device. Funnies part of hardware random generator it could generate -anything. That why need to verify that data comming from /dev/hwrng. Good +anything. That why need to verify that data coming from /dev/hwrng. Good advice is to use /dev/hwrng as additional entropy source. Why we dont trust -/dev/hwrng as random number souce? There is some articles about HW random +/dev/hwrng as random number source? There is some articles about HW random generators could be backdoored and could generate predictable values that why -as we cant verify HW design as its not opensourced we choose not to trust it. -In general if you belive in HW random generator you can use it. +as we cant verify HW design as its not open sourced we choose not to trust it. +In general if you believe in HW random generator you can use it. ## Switching hardware rng @@ -20,7 +20,7 @@ _/sys/class/misc/hw_random/ $ls /sys/class/misc/hw_random/ dev power rng_available rng_current subsystem uevent ``` -Check avaliable hwrng modules +Check available hwrng modules ``` $cat /sys/class/misc/hw_random/rng_available 
@@ -36,11 +36,11 @@ zero-rng ## Testing /dev/hwrng -There couple of ways how you can test if data is "random" enought. There -is standarts like FIPS 140-2 with have criterias to check if data source is +There couple of ways how you can test if data is "random" enough. There +is standards like FIPS 140-2 with have criteria to check if data source is pseudo-random. And there is couple of implementations of it. You can get tool like rng-tools and test data. Lets imagine that you have installed it -allready in your favorite way. +already in your favorite way. _Output every 5 seconds pseudo random tests results_ ```sh @@ -212,8 +212,8 @@ Well all tests fails thats good ### Practical example -Lets asume that we are running this code on Intel arch and it supports -_rdrand_ instruction for random genertion. +Lets assume that we are running this code on Intel arch and it supports +_rdrand_ instruction for random generation. ``` @@ -281,7 +281,7 @@ $ cat /sys/class/misc/hw_random/rng_current intel-rng ``` -Well everything looks fine and test are passsed if you goint to try test it +Well everything looks fine and test are passed if you going to try test it with rng-tools. ## Links |
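Review bot: In the Intro hunk (@@ -2,14 +2,14 @@) the replacement "accessed trough" is still a misspelling; the intended word is "through". The same added lines keep "hardware that are can generate", "cant" and "its not open sourced", so the paragraph that explains why /dev/hwrng is not trusted as the only random source still reads badly; fix these in the same commit ("hardware that can generate", "can't", "it's not open source").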
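Review bot: In the "Testing /dev/hwrng" hunk (@@ -36,11 +36,11 @@) the added line "is standards like FIPS 140-2 with have criteria" still has "with" where "which" is meant, and "There couple of ways" on the line above is missing its verb. Suggest "There are a couple of ways" and "There are standards like FIPS 140-2 which have criteria".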
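Review bot: In the "Practical example" hunk (@@ -212,8 +212,8 @@) the added line starts with "Lets assume", which needs the apostrophe ("Let's assume"); the unchanged "Lets imagine" in the Testing section has the same problem and could be fixed alongside it.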
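Review bot: In the last hunk (@@ -281,7 +281,7 @@) the corrected sentence "test are passed if you going to try test it" is still ungrammatical after the spelling fixes, and it is the line that states the outcome of the rng-tools check. Suggest rewording it, for example "the tests pass if you try it with rng-tools".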