random(4) plugin infrastructure for mulitple RNG in a modular fashion

[Mark R V Murray]

On 18 Aug 2013, at 11:00, Dag-Erling Smørgrav <des at des.no> wrote:

> Mark R V Murray <mark at grondar.org> writes:
>> I'm looking at the new "adaptors" code and wondering what its for.
> 
> It allows you to have multiple RNGs loaded or compiled-in simultaneously
> and select which one to use at runtime.  Seems eminently sensible to me.

OK - in the context of what is currently there, it makes less sense than
that; loading RDRAND/Ivy and Nehemiah simultaneously is silly because
they are different architectures, and only one can ever work on a particular
box; so what happens is some script selects the wrong one? I suppose
the probe is there to prevent this.

We still have the anachronism where the older hardware RNGs are turned
into /dev/random devices and the newer ones supply their entropy to
the software (Yarrow) for further processing.

I would find this more useful if Nehemiah and RDRAND/Ivy were to go the
same way as the others, and became entropy sources to the software device.

This current mechanism could then be useful as a switch between
Yarrow/Fortuna, but that is only useful (for as long as|if) we keep both
(not an issue for some time except for the embedded folks).

>> If the current three /dev/random drivers were each in KLDs,
>> then kldloading the one you wanted would be sufficient without
>> the extra complexity.
> 
> And what would happen if you loaded several?

"Failure", I would hope - whatever that unintuitive error is that means
"you already have this" (that needs fixing). But see above, if this is
a Yarrow/Fortuna switch, then I'm warming to it.

M
-- 
Mark R V Murray

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 353 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20130818/c3efdc97/attachment.sig>