Re: /dev/random on Linux

From: Christopher Friesen
Date: Tue May 16 2006 - 11:04:12 EST

Pavel Machek wrote:

>> I was unsure about the purported forward-security-breakage claims because I don't know how to validate those, but I seem to recall (from personal knowledge and the paper) that the kernel does an SHA1 hash of the contents of the pool and the current cycle-counter when reading, uses that as input for the next pool state and returns it as /dev/random output. Since the exact cycle-counter value is never exposed outside the kernel and only a small window of the previous

> Are you sure? For vsyscalls to work, rdtsc has to be available from
> userspace, no?

I suspect he means "the exact cycle counter value at the time of reading the contents of the pool" is never exposed outside the kernel.

"rdtsc" is of course available in userspace on x86.

