> Chris Friesen wrote:
>> The problem is this. If you have an embedded system that is headless,
>> diskless, keyboardless, and
>> mouseless, then your only remaining source of any interrupt-based
>> entropy is the network.
> Try replacing "network" with "/dev/zero" to see how your sentence
> sounds, and then maybe the flaw in your reasoning will become apparent.
> "If you have an embedded system that is headless, etc., then your
> only remaining source of entropy is /dev/zero."
> Well, sometimes there is just no reliable entropy source on hand.
> Maybe it's better to admit that than to fool ourselves.
And how would you see this. On a diskless/headless system, you'll be
sure to find more than one NIC, making it IMHO very unlikely for one
attacker to be able to generate so much traffic on all of those that all
NICs are continuesly generating interrupts. Granted, it's not the best
source of entropy, but it's guanranteed to be more that /dev/zero.
Having your network cards in your entropy pool, is not really bad, and
is a lot better than not being able to generate session keys at all for
your ssh connection.
> To unsubscribe from this list: send the line "unsubscribe linux-kernel"
> the body of a message to email@example.com
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--- Met vriendelijke groeten,
SARA - Stichting Academisch Rekencentrum Amsterdam http://www.sara.nl High Performance Computing Tel. +31 20 592 8008 Fax. +31 20 668 3167
"I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end." -- Douglas Adams
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to firstname.lastname@example.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/