Re: [PATCH] random: add blocking facility to urandom
From: Steve Grubb
Date: Thu Sep 08 2011 - 07:49:18 EST
On Thursday, September 08, 2011 04:44:20 AM Christoph Hellwig wrote:
> On Wed, Sep 07, 2011 at 11:27:12PM +0200, Stephan Mueller wrote:
> > And exactly that is the concern from organizations like BSI. Their
> > cryptographer's concern is that due to the volume of data that you can
> > extract from /dev/urandom, you may find cycles or patterns that increase
> > the probability to guess the next random value compared to brute force
> > attack. Note, it is all about probabilities.
>
> So don't use /dev/urandom if you don't like the behaviour. Breaking all
> existing application because of a certification is simply not an option.
This patch does not _break_ all existing applications. If a system were under attack,
they might pause momentarily, but they do not break. Please, try the patch and use a
nice large number like 2000000 and see for yourself. Right now, everyone arguing about
this breaking things have not tried it to see if in fact things do break and how they
break if they do.
-Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/