Re: CONFIG_RANDOM (compromise?)

Jamie Lokier (jamie@rebellion.co.uk)
Tue, 21 May 96 21:44 BST


I have a suggestion which might make everyone reasonably happy.
How about:

1. Make that part of random.o which is /dev/random and /dev/urandom
into a loadable module (demand loaded using kerneld, of course).

2. Collect entropy into the pool at all times, even when the module
isn't loaded. This code is really quite small, as is the entropy
pool itself, so this shouldn't bother anyone too much.

It might be worth not actually mixing, or estimating the amount of
entropy contributed, until the module is loaded. This would make
the code smaller (and presumably a little faster) in order to
pacify those who care. It would make the pool larger for the same
entropy though, so may not be worthwhile.

3. Make the use of randomness for TCP sequence numbers some kind of
firewall option. When enabled, it requires the module to be
loaded. Those who care about their connection to the Internet,
especially routers, should be aware of such things.

4. BOOTP should use randomness only when it is available. This means
only if it is compiled in, or if BOOTP becomes a module loaded with
initrd, when the random.o module is loaded.

This is the best of both worlds: no 16k of code most of the time, but
/dev/random and /dev/urandom are available whenever they are required,
and there is always some entropy available when an application wants
it.

Enjoy,
-- Jamie Lokier