[Whonix-devel] How to confirm jitter .ko was loaded
Patrick Schleizer
adrelanos at riseup.net
Tue Apr 30 13:41:00 CEST 2019
Hello Stephan,
thank you for all your kernel work and answering to us here, appreciated!
On https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972 I asked
Debian kernel maintainers to consider enabling the jitter kernel module
by default.
Would you wish to share your thoughts on this?
Kind regards,
Patrick
-------- Forwarded Message --------
Subject: Re: Bug#927972: jitterentropy_rng.ko never loads
Date: Tue, 30 Apr 2019 11:38:00 +0000
From: Patrick Schleizer <adrelanos at riseup.net>
To: Luca Boccassi <bluca at debian.org>, 927972 at bugs.debian.org,
procmem at riseup.net <procmem at riseup.net>
On https://www.whonix.org/pipermail/whonix-devel/2019-April/001371.html
its developer wrote:
> [...]
> - the in-kernel crypto API has an RNG framework that provides a DRBG. This
> DRBG is used for in-kernel crypto API purposes. It may be accessed from user
> space via AF_ALG [2]. Yet, this is not accessible from /dev/random,
> /dev/urandom or getrandom. The DRBG uses the in-kernel JitterRNG to seed itself.
> [...]
Better entropy for in-kernel crypto API purposes sounds good as a
general security enhancement.
Fedora enables this kernel module by default, too.
Does this sound like a good idea to enable loading this kernel module by
default in Debian?
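One way to confirm what the thread's subject line asks, shown as an added example that is not part of the original message: parse `/proc/crypto` to see whether `jitterentropy_rng` is registered and which DRBG backs `stdrng`, then optionally read DRBG output through AF_ALG as the quoted text describes. The function names and the sample listing are constructed for illustration, and the DRBG driver name in the sample is only an example value.

```python
import socket
# Constructed sample in /proc/crypto layout, not captured from a real host.
SAMPLE = """\
name         : stdrng
driver       : drbg_nopr_hmac_sha256
module       : drbg
type         : rng

name         : jitterentropy_rng
driver       : jitterentropy_rng
module       : jitterentropy_rng
type         : rng

name         : sha256
driver       : sha256-generic
module       : kernel
type         : shash
"""

def parse_proc_crypto(text):
    """Return one dict per algorithm block in /proc/crypto text."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if fields:
            entries.append(fields)
    return entries

def rng_status(text):
    """Return (jitter_registered, jitter_module, stdrng_drivers)."""
    rngs = [e for e in parse_proc_crypto(text) if e.get("type") == "rng"]
    jitter = [e for e in rngs if e.get("driver") == "jitterentropy_rng"]
    # module reads "kernel" when built in, so lsmod alone would miss it
    module = jitter[0].get("module") if jitter else None
    drbgs = sorted(e["driver"] for e in rngs if e.get("name") == "stdrng")
    return bool(jitter), module, drbgs

def read_stdrng(nbytes=16):
    """Read DRBG output via AF_ALG; needs Linux with the AF_ALG rng interface."""
    with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as alg:
        alg.bind(("rng", "stdrng"))
        op, _ = alg.accept()
        with op:
            return op.recv(nbytes)

if __name__ == "__main__":
    with open("/proc/crypto") as f:
        print(rng_status(f.read()))
```

On a live system, pass the contents of `/proc/crypto` to `rng_status`; `read_stdrng` is separate because it depends on the host kernel exposing the rng type over AF_ALG.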