On Thu, 12 September 2013 22:13:49 -0400, Theodore Ts'o wrote: > On Thu, Sep 12, 2013 at 06:23:09PM -0400, Jörn Engel wrote: > > It is worse in three ways: > > - it costs performance, > > - it may create a false sense of safety and > > - it actively does harm if we credit it as entropy. > > > > How much weight you assign to each of those is up to you. So long as > > we don't credit any of it as entropy, I am not too adverse to mixing > > it in. But I can equally see benefit in burning the bridges. > > Well, mixing it in and using /dev/[u]random is certainly better than > blindly using the output from the RNG from the TPM directly as a > key.
Absolutely! > I'm not sure what you mean by "burning the bridges"; what is the > alternative that you are suggesting? Not using hardware RNGs at all, see three messages back. We know those things can be compromised, we know a compromise cannot be detected and we know of people/groups that have both a strong motivation and likely the ability to pull it off. I am not taking sides, but I can see good arguments for both approaches. Jörn -- ...one more straw can't possibly matter... -- Kirby Bakken -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/