Entirely agreed, but that is why we have SHA-1. If we assume SHA-1 is
not crackable, then the entropy estimate is actually worthless. It
exists because of the theoretical possibility of learning some state of
the pool from a given read.
In theory, we dont need both SHA-1 hash and the entropy count. They
exist to pacify a theoretical weakness in each.
Now, my net device patch should only be enabled in situations where both
you trust SHA-1 (and I think most do) and you trust that reading net
devices yields the full amount of entropy.
-- Robert M. Love rml at ufl.edu rml at tech9.net- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/