Re: CONFIG_RANDOM (compromise?)

Theodore Y. Ts'o (tytso@mit.edu)
Thu, 16 May 1996 18:58:48 -0400


From: Albert Cahalan <albert@ccs.neu.edu>
Date: Thu, 16 May 1996 14:18:13 -0400 (EDT)

Ted, you should write a light version of /dev/random. If you don't,
someone else will write one based on a really _bad_ pseudo-random
number generator or will even just get rid of /dev/random completely.
(Well, it's already been done! You'd better hurry if you want to
save /dev/random from obscurity.)

Well, at some level I'm assuming that Linus will have enough sense that
he won't allow something stupid to go into the mainline kernel.

Putting in a light version of /dev/random is an extremely bad idea,
because now the application won't know whether or not /dev/random is
really secure, and so applications won't use it.

A very large number of the newbies will have new computers --- purchase
of new computers, like many things in the computer industry, is
following an exponential growth curve still.

If some hacker wants to do something stupid to their own kernel, like
disable /proc, or System V IPC (which will do really amusing things,
since most people are using an Init which requires it), or disable
/dev/random, they can do it by hacking the kernel source. But we
shouldn't make it easy for people to hurt themselves.

You are asking for 16kB of unswappable kernel memory on every Linux

On a 4 megabyte machine, that's 0.4% of memory. On a 16 megabyte
machine, that's 0.09% of memory. The kernel on my machine (which is
using modules, so the actual running kernel uses much more memory) is
768k unpacked. 16kb of that is 2% of the entire kernel.

Can you say "much ado about nothing?" I knew you could....

- Ted