Jeff et al.,
>> However, only 3 drivers in drivers/net actually set
>> SA_SAMPLE_RANDOM when calling request_irq(). I believe
>> all of them should.
>
> No, because an attacker can potentially control input and make it
> non-random.
Point taken but:
1. In that case, if we follow your logic, no drivers (rather than 3
arbitrary ones) should set SA_SAMPLE_RANDOM
2. Given that otherwise in at least my application (and machine
without keyboard and mouse can't be too uncommon) there is *no*
entropy otherwise, which is rather easier for a hacker. At least
with entropy from a (albeit predictable) network, his attack
is going to shift the state of the seed (in an albeit predictable
manner), though he's going to have to make some accurate guesses
each time about the forwarding delay of the router in front of it,
and the stream of other packets hitting the server. I'd rather rely
on this, than rely on cron (which is effectively what is driving
any disk entropy every few minutes and is extremely predictable).
-- Alex Bligh - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 15 2001 - 21:00:10 EST