Re: /dev/random: really secure?

From: Peter Samuelson (peter@cadcamlab.org)
Date: Tue Dec 19 2000 - 07:48:00 EST

Next message: Daniel Phillips: "Re: [RFC] Semaphores used for daemon wakeup"
Previous message: khaled@pacificpost.com: "Presentation Layer in TCP/IP linux implementation"
In reply to: Kurt Garloff: "Re: /dev/random: really secure?"
Next in thread: Theodore Y. Ts'o: "Re: /dev/random: really secure?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Kurt Garloff]
> It should not be world-writeable, IMHO. So the only one who can feed
> entropy there is root, who should know aht (s)he's doing ...

No, it is *good* to allow users to add entropy to the RNG pool, but it
is *bad* to assume that it is in fact entropy.

The beauty of cryptographic hashes is that the user can't *decrease*
the total entropy, even with 'cat /dev/zero > /dev/random'. All he can
do by adding to the pool is *increase* your confidence that you do in
fact have at least the estimated amount of randomness. The more
"untrusted" entropy you feed into the pool, the less it will matter (in
practical terms) if in the future a "trusted" source is compromised.

Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Phillips: "Re: [RFC] Semaphores used for daemon wakeup"
Previous message: khaled@pacificpost.com: "Presentation Layer in TCP/IP linux implementation"
In reply to: Kurt Garloff: "Re: /dev/random: really secure?"
Next in thread: Theodore Y. Ts'o: "Re: /dev/random: really secure?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Dec 23 2000 - 21:00:24 EST