On Tue, Aug 08, 2000 at 01:54:08PM -0400, Theodore Y. Ts'o wrote:
> Date: Tue, 8 Aug 2000 19:42:39 +0200
> From: "Andi Kleen" <ak@suse.de>
>
> That wouldn't happen when you were using a secure PRNG to select the
> interrupts to get data from, or ? You just have to make sure that the
> PRNG initial state is not seeded from the network or anything else the
> attacker could guess.
>
> Well, the question I thought that was being asked was why wasn't the
> interrupts from NIC's feeding in entropy by default into the /dev/random
> pool.
>
> I'm not sure what you mean about using a secure PRNG to select the
> interrupts to get data from; there's a bootstrapping issue here, and
You would need a master key. Still better than no random numbers on a
diskless server.
> even if you do use a PRNG to select whether or not a particular entropy
> is sampled, that decision only contributes one bit of entropy into the
> pool.....
One bit ? I was assuming you always put in in the time difference between
interrupts, which is surely a lot more than one bit (when it is there or not)
Alternatively you could just run a Stream cipher over the input, but I guess
that requires too much trust for the outgoing hash (just like the prng)
-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:15 EST