Re: predictable IP ID

Andi Kleen (ak@muc.de)
06 Oct 1999 17:19:51 +0200


vonbrand@inf.utfsm.cl (Horst von Brand) writes:

> Savochkin Andrey Vladimirovich <saw@msu.ru> said:
>
> [...]
>
> > Now we have a strong RND based generator for the first ID for a peer. But
> > it's fairly slow (MD4 hash) and can't be used for every packet. Strength of
> > the generator and requirements for a guaranteed long period contradict each
> > other.
>
> Wasn't the /dev/random stuff invented exactly for this kind of use? I'd
> assume you can bypass the MD hash here, and just steal a byte or two
> directly from the entropy pool.

First, that would allow an attacker to guess the state of the entropy pool
(letting him predict future /dev/urandom output, yuck, cracking your session
keys). Normal /dev/random uses a hash to prevent exactly that.

And you need 2 bytes (16 bits) per packet. For Fast or Gigabit Ethernet you
would need several hundred KB of entropy per minute. Where do you get that much
entropy from?

/dev/u?random is really only good for seeding fast RNDs, not replacing them.

-Andi

-- 
This is like TV. I don't like TV.
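The design Andi is pointing at (take a strong seed from /dev/urandom once, then run a fast generator that guarantees a long period) can be shown in a few dozen lines. The following is an added illustration and is not code from this thread or from the Linux kernel: a per-peer 16-bit counter gives the guaranteed 65536-ID period, and a keyed permutation of that counter keeps the sequence from being a plain increment. The Feistel round function here is a toy integer mixer, not a vetted cipher, so treat it as a demonstration of the structure rather than a drop-in defense; the function names (ipid_*) and the /dev/urandom path are assumptions of this example. It also includes the back-of-the-envelope entropy cost of the naive "two raw bytes per packet" approach from the message above.

```c
/* Added example, not from the thread or the kernel: per-peer IP ID
 * generation that takes a strong seed once from /dev/urandom and then
 * runs a fast keyed permutation over a 16-bit counter.  The counter
 * guarantees a full 65536-ID period; the key is what makes the sequence
 * differ per host and per boot.  The round function is a toy mixer
 * (assumption: NOT a vetted cipher), shown only for the structure. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct ipid_state {
    uint32_t key[4];  /* filled once from a strong source */
    uint16_t ctr;     /* per-peer counter: full 2^16 period by construction */
};

/* Seed the key from /dev/urandom (hypothetical helper).  Returns 0 on
 * success, -1 if the device could not be read.  This is the only place
 * that touches the entropy pool, so the per-packet cost is zero. */
int ipid_seed_from_urandom(struct ipid_state *st)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(st->key, sizeof st->key, 1, f);
    fclose(f);
    if (n != 1)
        return -1;
    st->ctr = 0;
    return 0;
}

/* Deterministic seeding, used so the behaviour can be reproduced. */
void ipid_seed_fixed(struct ipid_state *st, const uint32_t key[4])
{
    memcpy(st->key, key, sizeof st->key);
    st->ctr = 0;
}

/* Toy 8-bit keyed round function (integer multiply/xorshift mixing).
 * Any function works for the bijection property; a real design would
 * use a proper keyed primitive here. */
static uint8_t round_fn(uint8_t half, uint32_t k)
{
    uint32_t x = (half + k) * 0x9E3779B1u;
    x ^= x >> 15;
    x *= 0x85EBCA6Bu;
    x ^= x >> 13;
    return (uint8_t)(x ^ (x >> 8));
}

/* Four-round Feistel network on 16 bits: a bijection on the counter for
 * every key, so 65536 consecutive counter values give 65536 distinct IDs. */
uint16_t ipid_permute(const uint32_t key[4], uint16_t ctr)
{
    uint8_t l = (uint8_t)(ctr >> 8), r = (uint8_t)(ctr & 0xff);
    for (int i = 0; i < 4; i++) {
        uint8_t t = r;
        r = (uint8_t)(l ^ round_fn(r, key[i]));
        l = t;
    }
    return (uint16_t)((l << 8) | r);
}

/* Next IP ID for this peer: permute the counter, then advance it. */
uint16_t ipid_next(struct ipid_state *st)
{
    return ipid_permute(st->key, st->ctr++);
}

/* Self-check: one full cycle must produce every 16-bit ID exactly once.
 * Returns 1 if so, 0 if any ID repeats within the cycle. */
int ipid_full_period(const uint32_t key[4])
{
    static uint8_t seen[65536];
    struct ipid_state st;
    memset(seen, 0, sizeof seen);
    ipid_seed_fixed(&st, key);
    for (uint32_t i = 0; i < 65536; i++) {
        uint16_t id = ipid_next(&st);
        if (seen[id])
            return 0;
        seen[id] = 1;
    }
    return 1;
}

/* Entropy (bytes/minute) the naive scheme of pulling two raw pool bytes
 * per packet would consume on a link of the given speed and frame size. */
double ipid_raw_entropy_bytes_per_minute(double link_bits_per_s, double frame_bytes)
{
    double packets_per_s = link_bits_per_s / (frame_bytes * 8.0);
    return packets_per_s * 2.0 * 60.0;
}

int main(void)
{
    struct ipid_state st;
    if (ipid_seed_from_urandom(&st) != 0) {
        fputs("could not read /dev/urandom\n", stderr);
        return 1;
    }
    for (int i = 0; i < 8; i++)
        printf("%04x ", ipid_next(&st));
    printf("\nFast Ethernet, 1500-byte frames, 2 raw bytes/packet: %.0f bytes/min\n",
           ipid_raw_entropy_bytes_per_minute(100e6, 1500.0));
    return 0;
}
```

The split is the point: the expensive, pool-touching operation happens once per boot (or per key rotation), while the per-packet path is a handful of integer operations with no entropy consumption and a provable period. The caveat is that a toy round function and a 16-bit domain give an attacker who sees enough consecutive IDs a realistic shot at recovering the key; in practice the mitigation is to key a real primitive and rotate keys, not to draw pool bytes per packet.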
