>> obviously some people fear NICs feeding entropy provides a hazard. for
>> those who dont, or are increadibly low on entropy, enable the
>> configuration option.
>
> Why don't those who aren't worried about whether they _really_ have enough
> entropy simply use /dev/urandom?
This is not the issue; some of use _are_ worried whether or not we
have enough entropy (and want a read that blocks until sufficient
additional entropy arrives if entropy is insufficient), but don't have
sources of enough sources of entropy (e.g. on an idling machine where
everything is cached) if one does not allow network IRQ's to
generate entropy. In doing the latter, we do (admittedly) make
the assumption that they are valid sources of entropy (see discussion
past as to why this might or might not be the case), but using /dev/urandom
rather /dev/random will ALWAYS give a less random result in low entropy
situations.
IE I want to use the entropy calcs; I consider network IRQ spacing to be
sufficiently random and unobservable for them to be a valid source
of entropy, and (as the advantages doing so for various configs have
been widely documentated elsewhere) think that there should be a
config option (or /proc option) to support this. I do /not/ want to
ignore entropy calcs entirely (i.e. use /dev/urandom).
-- Alex Bligh - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:32 EST