Re: [PATCH] Re: [PATCH] drivers/net: remove network drivers' lastfew uses of IRQF_SAMPLE_RANDOM

From: Adrian Bunk
Date: Fri May 16 2008 - 09:22:50 EST


On Fri, May 16, 2008 at 12:19:49PM +0200, Andi Kleen wrote:
>...
> The only problem you got from possible bogus input is that the entropy
> counts will be wrong, but in my experience nearly all programs
> use /dev/urandom anyways because /dev/random is just a DoS waiting
> to happen and user space programmers know that.
>...

If programs just need some random data without relying on the fact that
it's cryptographically strong /dev/urandom is the right choice.

But some programs need entropy for doing crypto stuff, and a local DoS
is harmless compared to the consequences of bad /dev/random data.

Consider as a worst case the just discovered OpenSSL bug in Debian where
all accounts with public key authentification and keys created on a
Debian/Ubuntu system during the last 20 months [1] can be taken over by
an attacker within less than 20 minutes with a simple brute force
attack. [2]

> -Andi

cu
Adrian

[1] 13 months for Debian stable users
[2] http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-05/msg00416.html

--

"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/