Alex Bligh - linux-kernel wrote:
>In debugging why my (unloaded) IMAP server takes many seconds
>to open folders, I discovered what looks like a problem
>in 2.4's feeding of entropy into /dev/random. When there
>is insufficient entropy in the random number generator,
>reading from /dev/random blocks for several seconds. /dev/random
>is used (correctly) for crytographic key verification.
Use /dev/urandom, or buy a hardware RNG.
>However, only 3 drivers in drivers/net actually set
>SA_SAMPLE_RANDOM when calling request_irq(). I believe
>all of them should. And indeed this fixed the problem for
>me using an eepro100().
This is unsafe. The time that packets arrive is not secret:
anyone who can run a sniffer on your network can potentially
recover this information. Thus, such timings are unsuitable
for introduction into the entropy pool.
(More precisely, there's no harm in adding them to the entropy
pool if they are added in a way so that the /dev/random pool
doesn't increment its estimate of how much entropy it has
collected. The real harm comes when you bump up the randomness
counter based on them, and if I understand your proposed change,
this is what it's doing.)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 15 2001 - 21:00:10 EST