Re: [PATCH] random: add blocking facility to urandom

From: Nikos Mavrogiannopoulos
Date: Wed Sep 07 2011 - 17:20:42 EST

Next message: Jeremy Fitzhardinge: "Re: [PATCH] xen: disable PV spinlocks on HVM"
Previous message: Ted Ts'o: "Re: [PATCH] random: add blocking facility to urandom"
In reply to: Ted Ts'o: "Re: [PATCH] random: add blocking facility to urandom"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 09/07/2011 10:02 PM, Steve Grubb wrote:

When a system is underattack, do you really want to be using a PRNG
for anything like seeding openssl? Because a PRNG is what urandom
degrades into when its attacked.

Using a PRNG is not a problem. Making sure it is well seeded and no
input from the attacker can compromise its state are the difficult
parts. Making predictable estimates and blocking when your estimates are
off, makes it a good target for DoS. When your system is under attack,
you want to use your services. If they block then the attack might
have just been successful.

regards,
Nikos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeremy Fitzhardinge: "Re: [PATCH] xen: disable PV spinlocks on HVM"
Previous message: Ted Ts'o: "Re: [PATCH] random: add blocking facility to urandom"
In reply to: Ted Ts'o: "Re: [PATCH] random: add blocking facility to urandom"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]