From 27bd5b4c67df243ea5dcd11117bf9cd013294936 Mon Sep 17 00:00:00 2001 From: FreeArtMan Date: Fri, 23 Sep 2016 00:18:38 +0100 Subject: kernel_dev_hwrng added intro --- md/writeup/kernel_dev_hwrng.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'md') diff --git a/md/writeup/kernel_dev_hwrng.md b/md/writeup/kernel_dev_hwrng.md index 9812d0f..104b522 100644 --- a/md/writeup/kernel_dev_hwrng.md +++ b/md/writeup/kernel_dev_hwrng.md @@ -2,7 +2,14 @@ ## Intro -/* Could be not random at all */ +There is hardware that are can generate "randomness". It can be accesed trought +/dev/hwrng device. Funnies part of hardware random generator it could generate +anything. That why need to verify that data comming from /dev/hwrng. Good +advice is to use /dev/hwrng as additional entropy source. Why we dont trust +/dev/hwrng as random number souce? There is some articles about HW random +generators could be backdoored and could generate predictable values that why +as we cant verify HW design as its not opensourced we choose not to trust it. +In general if you belive in HW random generator you can use it. ## Switching hardware rng @@ -29,7 +36,6 @@ zero-rng ## Testing /dev/hwrng -/* Say basic usage of rng-tools */ There couple of ways how you can test if data is "random" enought. There is standarts like FIPS 140-2 with have criterias to check if data source is pseudo-random. And there is couple of implementations of it. You can get -- cgit v1.2.3