Re: [PATCH] let Net Devices feed Entropy, updated (1/2)

From: Robert Love (rml@tech9.net)
Date: Sat Aug 18 2001 - 22:12:39 EST


On 18 Aug 2001 18:41:30 -0500, Oliver Xymoron wrote:
> Why don't those who aren't worried about whether they _really_ have enough
> entropy simply use /dev/urandom?

Because there still is no entropy. /dev/urandom and /dev/random are
from the same source - /dev/random will just block if the entropy count
drops to 0. Note that entropy != bytes in pool. The "entropy" is an
estimate of the randomness of the pool. It decrements as bytes are
pulled from the pool. The byte count does not; thus the pool is not
empty when /dev/random blocks, it just has no "entropy".

On a diskless/headless system, there are no devices to feed the entropy
pool. Thus this patch, which is a lifesaver for some, as Rik pointed
out.

Or maybe you are like me, and are on a personal LAN or don't care about
external attackers trying to guess your /dev/random, and just want
another source of entropy to boost your self-esteem.

I would like to see this in the mainline kernel. I posted a 2.4.8-pre
patch earlier; I will rediff for 2.4.9 ASAP.

FYI, I am considering rewriting the patch. Alex Bligh and I had a
discussion where he suggested a sysctl/proc interface to toggle the
option. This would add post-compile code to the kernel, but allow
greater flexibility.

-- 
Robert M. Love
rml at ufl.edu
rml at tech9.net
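The accounting Robert describes (one pool shared by both devices, an entropy estimate that is debited on extraction while the byte count never changes, /dev/random refusing when the estimate reaches 0 and /dev/urandom answering regardless), as an added toy model. This is example code written for this page, not code from the patch or from the kernel's random driver. The pool size, the XOR/LCG mixing, the FNV-1a extraction, the sample value 0xdeadbeef and the credit sizes are assumptions chosen for illustration; the real driver mixes with a twisted GFSR and extracts with a cryptographic hash, and blocking is modelled here as returning -EAGAIN, as a read on a non-blocking open would.

```c
/* Added example, not kernel code: toy model of single-pool entropy accounting.
 * Assumed for illustration: POOL_BYTES, the mixing and extraction functions,
 * the sample values and the credits. Blocking is modelled as -EAGAIN. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_BYTES 64                 /* assumed pool size for the model */
#define POOL_BITS  (POOL_BYTES * 8)

struct pool {
    uint8_t  bytes[POOL_BYTES];       /* pool contents: this byte count never changes */
    int      entropy_bits;            /* estimate of unpredictability, 0..POOL_BITS */
    uint32_t extract_count;           /* makes successive extractions differ */
};

static void pool_init(struct pool *p)
{
    memset(p, 0, sizeof *p);
}

/* Toy mixing: spread a 32-bit sample across the whole pool via an LCG. */
static void mix_in(struct pool *p, uint32_t sample)
{
    for (int i = 0; i < POOL_BYTES; i++) {
        p->bytes[i] ^= (uint8_t)(sample >> ((i % 4) * 8));
        sample = sample * 1103515245u + 12345u;
    }
}

/* What a driver (disk, keyboard, or with the patch a NIC) does on an event:
 * mix the timing sample in and credit the estimate, capped at the pool size. */
static void add_entropy(struct pool *p, uint32_t sample, int credit_bits)
{
    mix_in(p, sample);
    p->entropy_bits += credit_bits;
    if (p->entropy_bits > POOL_BITS)
        p->entropy_bits = POOL_BITS;
}

static uint32_t fnv1a(const uint8_t *d, size_t n, uint32_t h)
{
    for (size_t i = 0; i < n; i++) {
        h ^= d[i];
        h *= 16777619u;
    }
    return h;
}

/* Extraction path shared by both devices: hash the pool, emit one byte,
 * fold the hash back in so the next byte differs. */
static void extract_raw(struct pool *p, uint8_t *out, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t h = fnv1a(p->bytes, POOL_BYTES, 2166136261u ^ p->extract_count++);
        out[i] = (uint8_t)h;
        mix_in(p, h);
    }
}

/* /dev/random: hand out at most what the estimate covers; -EAGAIN when it is 0. */
static int read_random(struct pool *p, uint8_t *out, size_t n)
{
    size_t avail = (size_t)p->entropy_bits / 8;
    if (avail == 0)
        return -EAGAIN;               /* pool bytes are still there; estimate is not */
    if (n > avail)
        n = avail;
    extract_raw(p, out, n);
    p->entropy_bits -= (int)(n * 8);
    return (int)n;
}

/* /dev/urandom: same pool, same extraction; debits the estimate but never blocks. */
static int read_urandom(struct pool *p, uint8_t *out, size_t n)
{
    int debit = (int)(n * 8);
    extract_raw(p, out, n);
    p->entropy_bits -= debit > p->entropy_bits ? p->entropy_bits : debit;
    return (int)n;
}

/* The diskless/headless scenario: nothing feeds the pool, then one credited
 * event arrives. Returns 1 if the model behaves as the message describes. */
static int scenario_matches(void)
{
    struct pool p;
    uint8_t buf[16];
    pool_init(&p);
    if (read_random(&p, buf, sizeof buf) != -EAGAIN) return 0;  /* estimate 0: blocks */
    if (read_urandom(&p, buf, sizeof buf) != 16) return 0;      /* same pool, still answers */
    add_entropy(&p, 0xdeadbeefu, 32);                           /* assumed: one event, 32 bits */
    if (read_random(&p, buf, sizeof buf) != 4) return 0;        /* only 4 bytes are covered */
    if (read_random(&p, buf, 1) != -EAGAIN) return 0;           /* estimate drained again */
    return p.entropy_bits == 0;
}

int main(void)
{
    printf("model behaves as described: %s\n", scenario_matches() ? "yes" : "no");
    return 0;
}
```

The point the model makes concrete: after the first urandom read the pool bytes are non-zero and perfectly readable, yet read_random still returns -EAGAIN, because only the estimate (not the byte count) gates the blocking device. A device that credits entropy, which is what the patch lets network drivers do, is the only thing that moves that counter up.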

This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:29 EST