Re: [PATCH] (0/4) Entropy accounting fixes

Oliver Xymoron (oxymoron@waste.org)
Sun, 18 Aug 2002 01:18:02 -0500


On Sat, Aug 17, 2002 at 10:05:49PM -0700, Dmitri wrote:
>
> Wouldn't it be much easier to ask -very few- people (GnuPG/SSL/SSH teams
> primarily) to use /dev/super-reliable-mathematically-proven-random if
> available, instead of asking much larger crowd to hack their code?

Most people (including OpenSSH!) are already using /dev/urandom where
appropriate.

If you care about the difference between /dev/random and /dev/urandom,
then you ought to care about the difference _actually being there_. If
your entropy estimates are not conservative, then your system will
leak entropy faster than it takes it in and then /dev/random and
/dev/urandom will by identical _by definition_.

> This will be backward compatible, and at the same time offers a much
> better randomness for those who care about it. Myself, I read
> 128-bit session keys for multiple, not-so-secure, short connections
> from /dev/random and it would be sad if it runs out of data.

Why would that be sad? It's at least billions of times easier to break
a 128-bit key than to guess the internal state of /dev/urandom, even
if the system has no entropy sources.

> Also, /dev/random may take data from /dev/super-...random until it sucks
> it dry, and then switches to less secure sources. This will guarantee that
> the enthropy of readings is -not worse than-, and for moderate requests is
> much better.

Simple enough:

mv /dev/random /dev/super-random
ln -s /dev/urandom /dev/random

Backward compatible and everything.

-- 
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.." 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/