Re: [PATCH] [3/4] /dev/random: Use separate entropy store for /dev/urandom

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Matt Mackall <mpm@selenic.com>
To: "Theodore Ts'o" <tytso@mit.edu>
Cc: linux-kernel@vger.kernel.org, akpm@osdl.org
Subject: Re: [PATCH] [3/4] /dev/random: Use separate entropy store for /dev/urandom
Date: Tue, 24 Aug 2004 16:22:08 -0500	[thread overview]
Message-ID: <20040824212208.GH5414@waste.org> (raw)
In-Reply-To: <E1By1Sq-0001TP-BV@thunk.org>

On Fri, Aug 20, 2004 at 12:57:20AM -0400, Theodore Ts'o wrote:
> 
> This patch adds a separate pool for use with /dev/urandom.  This
> prevents a /dev/urandom read from being able to completely drain the
> entropy in the /dev/random pool, and also makes it much more difficult
> for an attacker to carry out a state extension attack.

My version of this went a step further. We want to at all times ensure
that there's enough data to do a full catastrophic reseed in the
blocking pool, so we have to assure we're never drawing below that
point when doing reads for urandom.

-- 
Mathematics is the supreme nostalgia of our time.

next prev parent reply	other threads:[~2004-08-24 21:22 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-08-20  4:57 [PATCH] [3/4] /dev/random: Use separate entropy store for /dev/urandom Theodore Ts'o
2004-08-24 21:22 ` Matt Mackall [this message]
  -- strict thread matches above, loose matches on Subject: below --
2004-08-28 10:29 Balint Marton
2004-08-30  2:10 ` Theodore Ts'o

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040824212208.GH5414@waste.org \
    --to=mpm@selenic.com \
    --cc=akpm@osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.