[Whonix-devel] How to confirm jitter .ko was loaded

procmem at riseup.net procmem at riseup.net
Thu May 2 05:44:26 CEST 2019


On 5/2/19 8:09 AM, Stephan Mueller wrote:
> Am Dienstag, 30. April 2019, 13:41:00 CEST schrieb Patrick Schleizer:
>
> Hi Patrick,
>
>> Hello Stephan,
>>
>> thank you for all your kernel work and answering to us here, appreciated!
>>
>> On https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972 I asked
>> Debian kernel maintainers to consider enabling the jitter kernel module
>> by default.
>>
>> Would you wish to share your thoughts on this?
> I looked through the bug report. The message #41 effectively summarizes all 
> very clearly and derives the right conclusions.
>
> So, the jitterentropy kernel module is only used by the kernel DRBG. And it 
> will load the jitterentropy kernel module automatically considering that the 
> module name is the same as the cipher name "jitterentropy_rng". Of course, 
> this only applies if the kernel module is available in the execution 
> environment (like the initramfs) and the DRBG is initialized during that time.
>
> Thus, I am not sure I can contribute more to the bug thread.
>
I guess, asked another way, Patrick is wondering what problems a
weak kernel DRBG would cause?

We know weak /dev/?random is catastrophic, but it was news to us that
the in-kernel DRBG has no connection to it. So we want to know if this
is also so bad that it warrants forcing the module.
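
For the question in the subject line, an added example (not part of the original thread): a shell check that reads the kernel crypto API registry in `/proc/crypto` and reports whether the `jitterentropy_rng` cipher named in the quoted reply is registered, and whether it comes from the kernel image or a loadable module. The function names and the sample stanzas are constructed for illustration; `absent` only means the cipher is not registered at the moment of the check.

```shell
#!/bin/sh
# Added example: is the "jitterentropy_rng" cipher registered with the
# kernel crypto API? Parses /proc/crypto-style stanzas (blank-line separated).
# jent_status [FILE]  (reads stdin when FILE is omitted); prints one of:
#   builtin - registered, provided by the kernel image ("module : kernel")
#   module  - registered, provided by a loadable module
#   absent  - no rng stanza with that name
jent_status() {
    awk -F ':' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function endrec() {
            if (name == "jitterentropy_rng" && type == "rng")
                result = (module == "kernel") ? "builtin" : "module"
            name = ""; module = ""; type = ""
        }
        /^[ \t]*$/      { endrec(); next }          # stanza separator
                        { key = trim($1); val = trim($2) }
        key == "name"   { name = val }
        key == "module" { module = val }
        key == "type"   { type = val }
        END { endrec(); print (result == "" ? "absent" : result) }
    ' "$@"
}

# Constructed, abridged sample in /proc/crypto format (not from a real host).
sample_proc_crypto() {
cat <<'EOF'
name         : stdrng
driver       : drbg_nopr_hmac_sha256
module       : kernel
type         : rng

name         : jitterentropy_rng
driver       : jitterentropy_rng
module       : jitterentropy_rng
type         : rng
EOF
}

sample_proc_crypto | jent_status                 # constructed sample
if [ -r /proc/crypto ]; then jent_status /proc/crypto; fi   # live system
```
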


