From 6183d8ffaafd4ab7ee11b5662ae22e815b3cf476 Mon Sep 17 00:00:00 2001 From: FreeArtMan Date: Mon, 21 Jun 2021 22:16:22 +0100 Subject: Update /dev/hwrng article --- md/writeup/kernel_dev_hwrng.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/md/writeup/kernel_dev_hwrng.md b/md/writeup/kernel_dev_hwrng.md index b5e496a..d632652 100644 --- a/md/writeup/kernel_dev_hwrng.md +++ b/md/writeup/kernel_dev_hwrng.md @@ -10,7 +10,14 @@ advice is to use /dev/hwrng as additional entropy source. Why we dont trust /dev/hwrng as random number source? There is some articles about HW random generators could be backdoored and could generate predictable values that why as we cant verify HW design as its not open sourced we choose not to trust it. -In general if you believe in HW random generator you can use it. +In general if you trust in HW random generators you can use them, but for security +you better not trust them as there is no way to verify on your side if there is no +backdoors, so use default secure linux implementation. + +First code example is introducing crypto subsystem of linux and how to use it, by +creating "random" generator that generates zeros. Second example is utilise Intel +builtin random generator and instruction __rdrand__. + ## Switching hardware rng -- cgit v1.2.3
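Review bot: In the first added paragraph, "so use default secure linux implementation" never names the interface the reader should use, and "for security you better not trust them" reads as contradicting the unchanged context line just above, which advises using /dev/hwrng as an additional entropy source. Suggest naming the interface (for example /dev/urandom or getrandom(2)) and saying that the hardware generator should not be the sole source, rather than that it should not be used. In the second added paragraph, `__rdrand__` is Markdown strong emphasis in a .md file and will render as bold "rdrand"; put the instruction name in backticks instead. Since the first example is described as a "random" generator that generates zeros, add a sentence that it is a demonstration only. Wording: "if there is no backdoors" should be "that there are no backdoors", and "Second example is utilise" should be "The second example uses".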