Re: Sources of entropy - /dev/random problem for network servers

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jeff Garzik <jgarzik@mandrakesoft.com>
To: Alex Bligh - linux-kernel <linux-kernel@alex.org.uk>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Sources of entropy - /dev/random problem for network servers
Date: Sun, 08 Apr 2001 19:33:39 -0400	[thread overview]
Message-ID: <3AD0F553.BE6BBF71@mandrakesoft.com> (raw)
In-Reply-To: <1457842476.986773581@[195.224.237.69]>

Alex Bligh - linux-kernel wrote:
> The machine in question is locked in a data center (can't be
> the only one) and thus sees none of the former two. IDE Entropy
> comes from executed IDE commands. The disk is physically largely
> inactive due to caching. But there's plenty of network traffic
> which should generate IRQs.

Use a hardware random number generator if you need a lot of entropy. 
The i810 RNG driver and userspace tools at
http://sourceforge.net/project/gkernel/ provide an example for an
implementation, if your hardware is not i8xx.


> However, only 3 drivers in drivers/net actually set
> SA_SAMPLE_RANDOM when calling request_irq(). I believe
> all of them should.

No, because an attacker can potentially control input and make it
non-random.

	Jeff


-- 
Jeff Garzik       | Sam: "Mind if I drive?"
Building 1024     | Max: "Not if you don't mind me clawing at the dash
MandrakeSoft      |       and shrieking like a cheerleader."

next prev parent reply	other threads:[~2001-04-08 23:34 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-04-08 22:46 Sources of entropy - /dev/random problem for network servers Alex Bligh - linux-kernel
2001-04-08 23:33 ` Jeff Garzik [this message]
2001-04-09  7:59   ` Alex Bligh - linux-kernel
2001-04-09  0:15 ` Andi Kleen
2001-04-09  6:17 ` David Wagner
  -- strict thread matches above, loose matches on Subject: below --
2001-04-09 11:04 Heusden, Folkert van
2001-04-10  5:37 ` idalton
2001-04-10 13:56 Heusden, Folkert van

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3AD0F553.BE6BBF71@mandrakesoft.com \
    --to=jgarzik@mandrakesoft.com \
    --cc=linux-kernel@alex.org.uk \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.