I don't think that it's unsufficient. In fact I think that it just
doesn't
have to be done all inside the kernel. And I oppose further extending
the
places where the event gathering code goes in between.
BTW> There is one strong flaw in the resoning behing this whole entropy
stuff.
Iff you trust the cryptographic algorithm for the one way function you
are
using then if you initialize it once - there will be only one chance for
an attacker to tamper with the values. The possibility
for tampering with it will have a certain value, which remains CONSTANT
over
the time. You could call it: breaking risk as well.
If you continuously reinitialize your one way function, the propabilitie
to
tamper with them will ADD (of course not in pure arithmetic terms). An
attacer simply
get's multiple chances. And therefore the overall propability of
tampering
with the values delivered to the user by this device WILL INCREASE.
Multiple initializations help only against cryptographic attacks - but
THEY HURT
overall security of the system, becouse they "open it up".
So this is indeed a serious FLAW inside the logics behind the
implementation of this device.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/