> There are hidden sources of entropy. One is clock skew between the keyboard
> processor's clock, the keyboard controller's clock, and the CPU clock
> generator's PLL. Another is data motion between the CPU cache and main
In the RFC 1750, they write it is not recommended to rely on computer clocks to
generate random. Isn't it this case?
> > depends solely on the network packets. These can be manipulated and their
> > leading edge precisely sniffed. I think here exists a severe risk of
> > compromise. Am I right?
>
> Nope. There is no way to sniff their leading edge accurate to a billionth
> of a second. If you have a 1Ghz Pentium 3, that's the accuracy you'd need.
But it reduces the entropy. When I have a 486/66 and sniff packets accurately to
3MHz, only 4 bits remain. These bits need not to show a uniform distribution so
it could be even easier to guess them.
Clock
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Dec 23 2000 - 21:00:20 EST