Re: CONFIG_RANDOM option for 1.99.2

Martin.Dalecki (dalecki@namu24.Num.Math.Uni-Goettingen.de)
Fri, 17 May 1996 17:42:35 +0200 (MET DST)


On Fri, 17 May 1996, Theodore Y. Ts'o wrote:

> Date: Fri, 17 May 1996 09:08:41 +0200 (MET DST)
> From: "Martin.Dalecki" <dalecki@namu23.Num.Math.Uni-Goettingen.de>
>
> HERE IS AN IDEA HOW TO GET RICH VERY EASY:
>
> 1. Grab the kernel sources.
> 2. Fake random.c, so that it is using a deterministic algorithm for
> generation of random numbers, which is *very well* known by
> You, instead of the strong random number generator.
> 3. Sell it as often as You can.
>
> This is why the GPL on the Linux kernel is so important. Since the ISP
> will have to provide source with his kernel, it will be possible for
> someone to notice his duplicity. Remember, it only takes one person to
> notice, so the more successful the ISP is at "selling" his Linux, the
> more likely someone will be to notice that he's hacked /dev/random.
>

I was thinking about a one or two man company, selling the boxes to Joe's.
I didn't obviously think of some major player doing this.

> You are a stupid graduate student who should have been flunked out,
> because you don't know the first thing about Monte Carlo methods. For
> Monte Carlo methods, you don't need cryptographically random numbers.
> You need statistically random numbers --- and there's a difference.
>

You are no prophet and You don't know who I am and what I know.
In fact YOU MADE A STATEMENT about Your personal character.
I never figured out what this graduate really means in the USA.
Oh just a bit of logic please: I didn't tell I used /dev/random to seed
some uniformly distributed series to get the grid of some Monte Carlo
integration *directly* from it.

I really don't like to be called stupid.

You are speaking about uniformly distributed series? Just a quiz: do You
know who Stanisław Ulam was!?

> /dev/random is used in places where you need cryptographic random
> numbers. This occurs in random key generation, and there is also a
> related use in generating secure TCP initial sequence numbers, which
> will help prevent some cookbook TCP connection hijacking attacks.

> If you start looking at the future, especially with how much excitement
> electronic commerce is starting to raise, it would be really, really
> nice for Linux to have built-in support for the cryptography needed to
> support electronic commerce applications. /dev/random is necessary for
> that. Besides, wouldn't it be nice if Netscape's random number
> generator was something that we could audit and improve

I bet my d*tch: Netscape will never make it public!

> You never connect to the Internet? (How are you reading e-mail, then?)

I do it through DEEP MEDITATION my karma makes it possible.... at the
mathematical stuff here, which isn't in fact my home.

> You're never going to use PGP to secure your e-mail? (I have patches to
> allow PGP to use /dev/random)

No I don't use PGP at all. Simply because I generally prefer to
communicate personal things under four eyes. It's just a habit. I'm not
spending my whole days sitting the whole time in front of CRC displays. I
do it just from time to time.

> You mean you never use the Web?
> You're never going to purchase anything electronically?

Never say never. And don't suggest this would become impossible
without random.c.
The USA isn't the whole world Theodore. (All Americans
please don't shout .... it's just a tautology.)

>
> Then you're part of the past, not the future.

And You are Batman.

I suppose that in terms of the actual age You are the past not me.
(Sorry for being in any way personal, but You really called me stupid).

> Has it ever occurred to you that because your arguments are lazily
> formulated, they might just be out-and-out wrong? Think about it.
>
> - Ted

My lazy formulations are sometimes mostly due to my not quite perfect
English. I know very well about this. My apologies. The last statement was
only intended to emphasize that I'm really intended in some discussion.
I never said that You should throw random.c as far away as you can. No
my point was always that I'm feeling that it is real overkill or garbage
when You are not interested in obscurity of Your system.
(Once again my excuses in advance when using not the appropriate English
formulation.)
So I would like to see some option to make life more comfortable.

You are always talking that it *will* be *very* usable in the future. You
are getting more and more personal. But please just tell me:

1. Who needs a hardware dependent random number generator, who is using
Linux at his home without being connected to the net?
2. Please tell me WHERE IT IS USED BY NOW in essential places where the
functionality couldn't be replaced by some other method not involving the
kernel. And in fact not using that much of resources. Yes I know it's
used in BOOTP... but You know probably better
than me that it's not really needed there.
3. The observation is a fact that on systems with enough RAM which
are running without any human interventions, like hammering on the
keyboard or lurking with the mouse, the random.c runs as a better MD5
/ SHR algorithm.
4. Please tell me which of the randomness sources couldn't be used in a
user land program to gather exactly the same entropy.
5. Remember about the evolution of some other free software.
I think there are a lot of things which can be done in the kernel. But
always keep thinking about the balance between the gain and effort.
I wouldn't like to see Linux becoming more and more overfeatured.

Please keep cool. I suppose You are very involved in cryptography and
security and the like. But keep in mind: You are not the only person
on this world. What You consider VITAL TO SAVE THE WHOLE may be
looking like just a nice option to others.

Marcin
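
The difference between statistically random and cryptographically random numbers that the quoted text raises, as an added example that is not part of the original message or of the kernel's random.c: a linear congruential generator spreads its outputs evenly over buckets, which is what Monte Carlo work asks for, yet one observed output is enough to compute the next. The generator, its constants and all function names are assumptions chosen for illustration.

```c
/* Added example (constructed): statistical vs. cryptographic randomness. */
#include <stdint.h>
#include <stdio.h>

/* Assumed toy generator: 32-bit LCG that outputs its whole state. */
#define LCG_A 1103515245u
#define LCG_C 12345u

static uint32_t lcg_next(uint32_t *state)
{
    *state = *state * LCG_A + LCG_C;   /* arithmetic is mod 2^32 */
    return *state;
}

/* Statistical view: largest deviation from the expected count when
 * n outputs are sorted into 16 buckets by their top four bits. */
static long max_bucket_deviation(uint32_t seed, long n)
{
    long count[16] = {0}, worst = 0;
    for (long i = 0; i < n; i++)
        count[lcg_next(&seed) >> 28]++;
    for (int b = 0; b < 16; b++) {
        long d = count[b] - n / 16;
        if (d < 0) d = -d;
        if (d > worst) worst = d;
    }
    return worst;
}

/* Cryptographic view: an observer who knows the algorithm needs only
 * one output to compute the following one; no seed is required. */
static uint32_t predict_after(uint32_t observed)
{
    return observed * LCG_A + LCG_C;
}

int main(void)
{
    uint32_t s = 19960517u;               /* constructed seed */
    uint32_t seen = lcg_next(&s);         /* what an observer sees */
    uint32_t guess = predict_after(seen);
    uint32_t actual = lcg_next(&s);
    printf("worst bucket deviation: %ld (expected count 10000)\n",
           max_bucket_deviation(1u, 160000));
    printf("predicted %u, actual %u\n", (unsigned)guess, (unsigned)actual);
    return 0;
}
```

A generator used for keys or TCP initial sequence numbers has to fail the second check: knowing the algorithm and past outputs must not let an observer compute the next value.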