Andi Kleen wrote:
quoted text
> Herbert Xu wrote:
>   
>>
>> You can continue to feed data into the pool even if it fails the
>> test.  You just keep the entropy value same as before.
>>     
>
> You could do that, but what advantage would it have? I don't think it's
> worth running the FIPS test, or rather requiring the user land daemon
> and leaving behind most of the userbase just for this.
>   
Security through obfuscation?
Someone trying to predict the RNG can do so in theory, but if
they have to keep track of network timings, disk activity, and 5 other 
things, then
chances are that they fail ofen enough even if the attack is possible 
"in theory".

Helge Hafting
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html