On Mon, 24 Jan 2000, Jeff Garzik wrote:
> Frank v Waveren wrote:
> > Am I missing something here? I thought that you could mix all the non-random
> > numbers you want into the entropy pool (long live xor), and it will never make
> > the entropy worse? So I'd say mixing in the RNG won't do any harm, so why not?
>
> Read the intro text in drivers/char/random.c...
>
> If the RNG provides a lot more data than other entropy sources, it can
> throw things out of whack.
Thats beyond paranoia.
The source mentions a malicious attacker, but if such an attacker has
control of the thermal generator in your system you have bigger problems.
If this is indeed a concern, perhaps a more secure 'stir-in' function in
needed.
Rember:
If X xor Y = Z, and Y has an uncertanty of zero then Z has the same
uncertanty of X.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:12 EST