Re: [PATCH] Re: [PATCH] drivers/net: remove network drivers' lastfew uses of IRQF_SAMPLE_RANDOM
From: Arjan van de Ven
Date: Sat May 17 2008 - 16:06:34 EST
On Sat, 17 May 2008 12:54:02 -0700
"Chris Peterson" <cpeterso@xxxxxxxxxxxx> wrote:
> Andi, can you please clarify what you mean by "auto-feeding
> /dev/urandom only" and "only get blocking /dev/random with the user
> daemon"? Are you suggesting that the kernel provides /dev/urandom and
> a userspace daemon (e.g. EGD) provides /dev/random?
>
> Also, if crypto apps like ssh and openssl use on "insecure"
> /dev/urandom, then who actually relies on /dev/random?
gpg does for key generation
> For comparison,
> FreeBSD does not even (AFAIK) have /dev/urandom. FreeBSD's /dev/random
> is nonblocking (like Linux's /dev/urandom) and includes network
> entropy.
>
I think the big kicker is the difference between a session key (short
lived) and a "real" key such as a gpg key that lives for a long time
and is used for multile sessions and with different users (in crypto
speak, Alice uses the same random key for Bob, Charlotte and David and
potentially for a long time). For a session key, urandom is very likely
an acceptable compromise; there's only so much data it's used for.
For long term keys I can totally see why /dev/random is used instead.
So both have value, just in different circumstances.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/