Re: [PATCH 7/14] random: Remove SA_SAMPLE_RANDOM from network drivers

From: Bill Davidsen
Date: Wed May 31 2006 - 15:27:32 EST

Next message: Martin Bligh: "2.6.17-rc5-mm1 panic on p-series"
Previous message: Roland Dreier: "Re: [PATCH 1/2] iWARP Connection Manager."
In reply to: Theodore Tso: "Re: [PATCH 7/14] random: Remove SA_SAMPLE_RANDOM from network drivers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Theodore Tso wrote:

On Thu, May 25, 2006 at 12:47:18AM +0200, Marcin Dalecki wrote:
Anytime you start to make unquantified assumptions in the context of
/ dev/random the issue turns up that this whole thing is not worth
the trouble because much simpler approaches will be sufficient
enough to acomplish what it does. On the other hand you can't
provide any actual full analysis of it's behaviour - which is just
*not acceptable* for anybody trully concerned. And this in
conjunction makes the WHOLE idea behind it questionable.

Nobody can provide any kind of full analysis about whether or not
SHA-2 or AES is secure, either. Does that we mean we just give up and
go home? No, we do the best job we can, with the best information we
have. Sometimes that means we have to make assumptions, but the
entire construction of AES and SHA-2 is based on similar assumptions,
too.

Academics who make "full analysis" generally use as axioms things like
"assume MD5 is secure" or "assume SHA-1 is secure", which are really
fancy assumptions. If we had used a "simpler approaches" based such
axioms we might have been in trouble. So I think some of the analysis
and designs choices that I made in /dev/random is most definitely
worth the trouble.

Regards,

- Ted

As usual I agree with you, for lack of a really good random source it's worth doing the best possible job with what's available. Would be nice to have a cheap USB bit babbler, tho.

--
Bill Davidsen <davidsen@xxxxxxx>
Obscure bug of 2004: BASH BUFFER OVERFLOW - if bash is being run by a
normal user and is setuid root, with the "vi" line edit mode selected,
and the character set is "big5," an off-by-one errors occurs during
wildcard (glob) expansion.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Bligh: "2.6.17-rc5-mm1 panic on p-series"
Previous message: Roland Dreier: "Re: [PATCH 1/2] iWARP Connection Manager."
In reply to: Theodore Tso: "Re: [PATCH 7/14] random: Remove SA_SAMPLE_RANDOM from network drivers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]