Re: [PATCH] let Net Devices feed Entropy, updated (1/2)

Robert Love (rml@tech9.net)
18 Aug 2001 23:56:41 -0400


On 18 Aug 2001 22:36:00 -0500, Oliver Xymoron wrote:
> But your claim is there _is_ entropy. If you think there is, go ahead and
> use it. Via /dev/urandom. Yes, I know it's theoretically not secure, but
> then neither is what you're proposing.

I am only continuing this because I want to explain...

I claim there is entropy from what? The difference between interrupts
for net devices? Everyone agrees that there is. The issues is that an
external attacker could influence the interrupts to the net device, and
thus make some assumptions about the state. That is why this patch is
configurable. Do as you please. As I said, some people want it or need
it.

Again, /dev/urandom is just as "secure" as /dev/random. Its the same
pool. The same stuff. Except that /dev/random blocks when the entropy
count hits 0.

Now, this count is purely theoretical, too. Its an estime of the amount
of entropy -- lack of determinability -- in the pool of bytes.

Even when it reaches 0, since the pool is still unknown (only previous
output may be known) and the output is hashed, its still pretty much
undeterminable. But mathematically and theoretically, our entropy
estimate says it is not.

-- 
Robert M. Love
rml at ufl.edu
rml at tech9.net

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/