Re: monitoring entropy

Ingo Molnar (mingo@pc7537.hil.siemens.at)
Wed, 15 Oct 1997 00:41:26 +0100 (MET)


On Tue, 14 Oct 1997, Raul Miller wrote:

> Ingo Molnar <mingo@pc7537.hil.siemens.at> wrote:
> > user-space needs entropy only for things like PGP key generation or SSH
> > key generation, so these restrictions do not look to be a problem,
> > and IMO they defeat all user-space pool-draining attacks.
>
> Counterexample: ftp://koobera.math.uic.edu/pub/software/sigs-0.50.tar.gz
> uses a lot of entropy for secret key generation.

but it's not at all secret anymore if you drain the pool? i think 'lossy'
(nonblocking) entropy generation should go into libc, not into the kernel!

-- mingo