Re: [PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM

To: Jesper Juhl <jesper.juhl@...>
Cc: Adrian Bunk <bunk@...>, Brandeburg, Jesse <jesse.brandeburg@...>, Alan Cox <alan@...>, Chris Peterson <cpeterso@...>, <jeff@...>, <netdev@...>, <linux-kernel@...>, <mpm@...>
Date: Thursday, May 15, 2008 - 6:34 pm

On Fri, May 16, 2008 at 12:13:39AM +0200, Jesper Juhl wrote:

It Depends.

For certain workloads, a lot of these issues might just boil out, or
not result in as much entropy as you think.  Think about a certificate
server which doesn't get much traffic, but when it is contacted, it is
expected to create new high security RSA keys and the public key
certificates to go with it.  If the attacker knows the machine type,
distribution OS loaded, etc., it might not be that hard to brute force
guess many of the factors you have listed above.

Basically the question has always been one of the overhead to collect
and boil down any input data (which after all, any user space process
can send arbitrary data into the entropy pool via "cat my_secret_data
is estimating how much "entropy" should be ascribed to data which is
sent into the entropy pool, and this is where you have to be very
careful.

If you screw the entropy credit information then security of
/dev/random will be impacted.  /dev/urandom won't be impacted since it
doesn't care about the entropy estimation.  That's why only root is
allowed to use the ioctl which atomically sends in some "known to be
random" data and the entropy credit ascribed to that data.

	     	     	     	    	     	- Ted
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
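The two user-space input paths described in the message above, as an added example that is not part of the original mail or of the kernel sources. The function names `make_credit_request` and `feed_pool` are hypothetical, and the cap on credited bits is this example's own sanity check, not a kernel rule.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/random.h> /* struct rand_pool_info, RNDADDENTROPY */

/* Build the ioctl argument: the data and its entropy credit (in bits) travel
 * together. Refusing more credit than bits supplied is this example's policy. */
struct rand_pool_info *make_credit_request(const void *data, int len, int bits)
{
    if (len <= 0 || len > 512 || bits < 0 || bits > len * 8)
        return NULL;
    struct rand_pool_info *req = malloc(sizeof(*req) + (size_t)len);
    if (req == NULL) return NULL;
    req->entropy_count = bits;
    req->buf_size = len;
    memcpy(req->buf, data, (size_t)len);
    return req;
}

/* credit == 0: plain write(), open to any user; data is mixed in, no credit.
 * credit != 0: RNDADDENTROPY, which also applies req->entropy_count and is
 * privileged (CAP_SYS_ADMIN). Returns 0 on success or -errno. */
int feed_pool(struct rand_pool_info *req, int credit)
{
    int fd = open("/dev/random", O_WRONLY);
    if (fd < 0)
        return -errno;
    long rc = credit ? ioctl(fd, RNDADDENTROPY, req)
                     : write(fd, req->buf, (size_t)req->buf_size);
    int ret = rc < 0 ? -errno : 0;
    close(fd);
    return ret;
}

int main(void)
{
    const char sample[] = "constructed sample, not random"; /* constructed input */
    struct rand_pool_info *req = make_credit_request(sample, sizeof(sample), 0);
    if (req == NULL) return 1;
    printf("write():       %d\n", feed_pool(req, 0));
    printf("RNDADDENTROPY: %d\n", feed_pool(req, 1)); /* 0 bits credited */
    free(req);
    return 0;
}
```

The request in `main` credits 0 bits, so running it as root mixes the sample in without inflating the estimate, while an unprivileged run shows the ioctl being refused with `EPERM`.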