Followup to: <20000124161304.A21992@atrey.karlin.mff.cuni.cz>
By author: Pavel Machek <pavel@suse.cz>
In newsgroup: linux.dev.kernel
>
> hi!
>
> > > > Is it feasible to offer a compile-time option which simply replaces
> > > > /dev/random?
> > >
> > > Methinks that would be an error. You'd be trusting the RNG too much.
> > > Use it as an input to /dev/random by all means, but not as a
> > > replacement.
> >
> > Either you trust RNG or you don't. There is no middle ground.
>
> I just trust hardware RNG to be more random then keypresses. Yes there
> is middle ground.
>
> > If you do not trust RNG, then using it as a /dev/random entropy source
> > is pointless. Why introduce theoretically non-random entropy to the
> > /dev/random pool?
>
> We already include keypresses in /dev/random pool. They are not
> random, are they? Network packet timing is also far from random, is
> it? But both are still valuable sources of data.
>
The only issue is how much do you bump the enthrophy counter. If you
bump it 0 everytime, you could enter constant data without problems
(in fact, some sources bump 0 because we can't *guarantee* that they
have more enthropy than that.) If you bump it more than that, you are
making the promise that *at least* that much enthropy was injected in
the pool.
-hpa
-- <hpa@transmeta.com> at work, <hpa@zytor.com> in private! "Unix gives you enough rope to shoot yourself in the foot."- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:12 EST