Re: monitoring entropy

Michael K. Johnson (johnsonm@redhat.com)
Wed, 15 Oct 1997 10:54:24 +0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Colin Plumb: "Re: monitoring entropy"
Previous message: nospam-seesignature@ceddec.com: "Re: monitoring entropy"
Maybe in reply to: Colin Plumb: "monitoring entropy"
Next in thread: Theodore Y. Ts'o: "Re: monitoring entropy"
Reply: Theodore Y. Ts'o: "Re: monitoring entropy"

"Jeffrey B. Siegal" writes:
>While we're on the topic of /dev/random, shouldn't the saved state file be
>readable only by root (to prevent knowledge of the starting state stored in
>the file combined with knowledge of the startup sequence from yielding
>information about the resulting state of the randomizer)? There is no
>mention of this in the comments in random.c, and RedHat release 4.2 (based on
>2.0.30) leaves the file readable by all.

I'll answer here, despite this not being absolutely a kernel issue...

Well, it's not a big deal, since that stored entropy is not counted in the
entropy count, it's only added entropy, stirred in to the pool. It does
not replace the current state of the pool. So it being visible isn't a
serious problem. That's probably why Ted didn't make it mode 600 when he
wrote the script.

However, future initscripts packages we release (except for possible
security updates to 4.2, which are on a different branch) will set
the saved entropy pool state to mode 600. That way no one else will
worry about it. :-)

michaelkjohnson

"Magazines all too frequently lead to books and should be regarded by the
prudent as the heavy petting of literature." -- Fran Lebowitz

Next message: Colin Plumb: "Re: monitoring entropy"
Previous message: nospam-seesignature@ceddec.com: "Re: monitoring entropy"
Maybe in reply to: Colin Plumb: "monitoring entropy"
Next in thread: Theodore Y. Ts'o: "Re: monitoring entropy"
Reply: Theodore Y. Ts'o: "Re: monitoring entropy"