Alex Bligh - linux-kernel wrote:
> The machine in question is locked in a data center (can't be
> the only one) and thus sees none of the former two. IDE Entropy
> comes from executed IDE commands. The disk is physically largely
> inactive due to caching. But there's plenty of network traffic
> which should generate IRQs.
Use a hardware random number generator if you need a lot of entropy.
The i810 RNG driver and userspace tools at
http://sourceforge.net/project/gkernel/ provide an example for an
implementation, if your hardware is not i8xx.
> However, only 3 drivers in drivers/net actually set
> SA_SAMPLE_RANDOM when calling request_irq(). I believe
> all of them should.
No, because an attacker can potentially control input and make it
non-random.
Jeff
-- Jeff Garzik | Sam: "Mind if I drive?" Building 1024 | Max: "Not if you don't mind me clawing at the dash MandrakeSoft | and shrieking like a cheerleader." - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 15 2001 - 21:00:10 EST