Sam Leffler writes: > > But a push system is still better if it doesn't impact performance too > > much. > > Push vs pull and exhaustion depends on your system config which is why I > hedged with "or a hybrid scheme". If a system has a reasonable h/w entropy > source it should be able to pull enough entropy on demand to keep everyone > happy. I know this to be true for at least 4 crypto parts that include a h/w > RNG. On systems like this you want to just shutdown all other forms of > entropy gathering unless you're paranoid about having a single source of > entropy. I'm thinking about a hybrid system right now. This is the very early stages of my thinking, so its a bit raw. The harvest queue has "nearly full" and "nearly empty" marks. At "nearly full" the harvesters get turned off, and at "nearly empty" they get turned back on. The Yarrow thread is throttled so that it only does work (including turning back on the harvesting) when its output is being read. Or something. I'm scared of getting into insecure states, so I want to think about this. I need to check that this doesn't break the Yarrow design (or the up-and-coming Fortuna design). I think it doesn't. M -- Mark Murray iumop ap!sdn w,I idlaHReceived on Thu Aug 05 2004 - 14:05:21 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:05 UTC