Re: /dev/random in 2.4.6

Theodore Tso (tytso@mit.edu)
Fri, 17 Aug 2001 17:18:35 -0400


On Wed, Aug 15, 2001 at 11:13:41AM -0600, Andreas Dilger wrote:
> Note that network interrupts do NOT normally contribute to the entropy
> pool. This is because of the _very_theoretical_ possibility that an
> attacker can "control" the network traffic to such a precise extent as
> to flush or otherwise contaminate the entropy from the pool by sending
> packets with very precise intervals and generating interrupts so exactly
> as to fill the entropy pool with known data. IMVHO, this is basically
> impossible, as the attacker could not possibly control ALL of the network
> traffic, and you could optionally define "safe" and "unsafe" interfaces
> for terms of entropy.

That's not the only attack, actually. The much simpler attack pathis
for an attack to **observe** the network traffic to such a precise
extent as to be able to guess what the entropy numbers are that are
going into the pool. (Think: FBI's Carnivore).

The one saving grace here is that in order to really do this well, the
attacker would need to be sitting on the local area network to get the
best and most precise timing numbers. You can argue that this is
still a theoretical attack; but it's not quite so difficult as saying
that the attacker has to "control" the network traffic.

- Ted

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/