On Wed, 2 Mar 2005, Jeff Dike wrote:
> I wrote a little HW random number generator based on hw_random.c. It hooks
> itself up to major 10, minor 183, which seems to be the standard for a
> HW RNG. The standard name for this seems to be /dev/hwrng.

Unfortunately many Intel chipsets lack the hardware RNG, and non-Intel
cloned BIOS flashram chips (like on my laptop, hiss, boo) often lack it
even though the rest of the chipset seems mainline. That's why you have to
load hw_random.ko on speculation and just let it take an error exit if the
RNG fails to respond.
As I understand it, the kernel adds hardware RNG data to the entropy pool
if the device is available. The only problem with Intel's RNG is that it
is rather slow, though probably it produces more entropy than internal
kernel events in a UML. Thus, connecting to /dev/random or /dev/urandom
is more auto-configuring: you get hardware entropy if available and you get
software entropy automatically if not. With /dev/urandom, if the kernel
runs out of entropy it fakes it using a deterministic pseudo-random

> I don't know if the usual random number consumers look for /dev/hwrng before

You have to put that in the config file, at least for ssh, generic SSL,
Apache and Postfix. This would make sense if you had a special
crypto-grade RNG. I've seen advertisements for these things.
James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@... http://www.math.ucla.edu/~jimc (q.v. for PGP key)
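
A consumer that prefers the hardware node but still works on machines without one, the situation the message above describes, could look like this. It is an added example, not code from the original message; the function names `read_exact` and `get_random` and the source order are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read exactly len bytes from one device node. Returns 0 on success,
 * -1 if the node is missing or stops delivering (for example a
 * hardware RNG driver that loaded but has no device behind it). */
static int read_exact(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else if (n == 0 || errno != EINTR)
            break;                  /* EOF or hard error: give up */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Try each source in order. Returns the index of the source that
 * supplied all len bytes, or -1 if none did. */
int get_random(const char *const *sources, size_t nsources,
               unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < nsources; i++) {
        if (read_exact(sources[i], buf, len) == 0)
            return (int)i;
        memset(buf, 0, len);        /* never keep a partial fill */
    }
    return -1;
}

int main(void)
{
    const char *const sources[] = { "/dev/hwrng", "/dev/urandom" };
    unsigned char key[32];
    int used = get_random(sources, 2, key, sizeof key);
    if (used < 0)
        return 1;
    printf("%zu bytes from %s\n", sizeof key, sources[used]);
    return 0;
}
```

Logging which source was used lets an operator see when a host has silently fallen back from the hardware device.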