Re: Linux 2.4.17-pre1

From: Robert Love (rml@tech9.net)
Date: Wed Nov 28 2001 - 22:30:46 EST


On Wed, 2001-11-28 at 22:13, Ken Brownfield wrote:
> Seconded. Off by default and with appropriate security caveats in the
> Configure.help section, which Robert has already mentioned.
>
> It's pretty critical given the burgeoning amount of cryptography in
> production environments where entropy from disk I/O is essentially
> non-existent. The security concerns are very valid, but many trade-offs
> are worth it, IMHO. I will most likely be dead in the water soon unless
> I start using this patch in certain places.

For those interested, the patch is at
        ftp://ftp.kernel.org/pub/linux/kernel/people/rml/netdev-random

I want to point out that _without_ this patch, there are network devices
that feed the entropy pool. In other words, this patch standardizes the
situation.

If you don't want net devices contributing, accept the default.

If you do, enable the configure setting and they all will contribute to
/dev/random. This has uses in diskless/headless configurations, etc.

> On Wed, Nov 28, 2001 at 06:56:01PM -0800, Mike Fedyk wrote:
> | Any chance you'll merge Robert's netdev-random uniformity cleanup
> | patch with the default to "no"?

        Robert Love




This archive was generated by hypermail 2b29 : Fri Nov 30 2001 - 21:00:33 EST