Re: IRQF_SAMPLE_RANDOM question...

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jeff Garzik <jeff@garzik.org>
To: Matt Mackall <mpm@selenic.com>
Cc: Sven-Haegar Koch <haegar@sdinet.de>,
	Robin Getz <rgetz@blackfin.uclinux.org>,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	Chris Peterson <cpeterso@cpeterso.com>
Subject: Re: IRQF_SAMPLE_RANDOM question...
Date: Mon, 06 Apr 2009 20:30:59 -0400	[thread overview]
Message-ID: <49DA9EC3.4060903@garzik.org> (raw)
In-Reply-To: <1239063404.14392.118.camel@calx>

Matt Mackall wrote:
> On Tue, 2009-04-07 at 00:09 +0200, Sven-Haegar Koch wrote:
>> On Mon, 6 Apr 2009, Matt Mackall wrote:
>>
>>> On Mon, 2009-04-06 at 14:30 -0400, Robin Getz wrote:
>>>> We have lots of embedded headless systems (no keyboard/mouse, no soundcard, no 
>>>> video) systems with *no* sources of entropy - and people using SSL.
>>> I'd rather add a random_sample_network call somewhere reasonably central
>>> in the network stack. Then we can use the knowledge that the sample is
>>> network-connected in the random core to decide how to measure its
>>> entropy. The trouble with IRQF_SAMPLE_RANDOM is that many of its users
>>> are technically bogus as entropy sources in the current model.
>>>
>>> I'm eventually going to move the RNG away from the strict theoretical
>>> entropy accounting model to a more pragmatic one which will be much
>>> happier with iffy entropy sources, but that's a ways off.
>> Btw, perhaps not the perfect question in this thread:
>> But what should we use to keep servers running without a hardware rng 
>> available and without any external input besides the network?
>> After having ssh and openvpn die because of no random and having 
>> the machines like dead and unreachable for me I use "ln -sf 
>> /dev/urandom /dev/random", but that does not feel so good.
> 
> It's fine so long as you're not wearing a tinfoil hat. In fact, as
> the /dev/random maintainer, I'd recommend it.
> 
> Ted and I have recently been talking about revisiting the design
> of /dev/random to avoid these sorts of issues.


Two points...

- while I would welcome a more pragmatic entropy accounting model,

- it seems misplaced to _solely_ address network entropy problems 
(timer-based regularity, external visibility and access) within the 
devrandom machinery.

IRQF_SAMPLE_RANDOM in network drivers IMO just gives users a false sense 
of security about their entropy.

And more fundamentally, IRQF_SAMPLE_RANDOM should never be used on a 
non-random source.

	Jeff

next prev parent reply	other threads:[~2009-04-07  0:31 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-04-06 18:30 IRQF_SAMPLE_RANDOM question Robin Getz
2009-04-06 18:40 ` Jeff Garzik
2009-04-06 18:44   ` Stephen Hemminger
2009-04-06 18:49     ` Jeff Garzik
2009-04-07  8:27       ` Jeremy Fitzhardinge
2009-04-06 19:22   ` Robin Getz
2009-04-06 19:00 ` Alan Cox
2009-04-06 19:01 ` Matt Mackall
2009-04-06 22:09   ` Sven-Haegar Koch
2009-04-06 23:35     ` Jeff Garzik
2009-04-07 21:58       ` Robin Getz
2009-04-07 22:25         ` Jeff Garzik
2009-04-07  0:16     ` Matt Mackall
2009-04-07  0:30       ` Jeff Garzik [this message]
2009-04-07 11:16   ` Robin Getz
2009-04-07 14:57     ` Matt Mackall
2009-04-07 21:39       ` Chris Peterson
2009-04-07 22:30         ` Robin Getz
2009-04-08 21:53           ` Gilles Espinasse
2009-04-08 23:16             ` Chris Friesen
2009-04-09  4:24               ` Robin Getz
2009-04-07 21:44       ` Robin Getz
2009-04-08 19:51         ` Matt Mackall
2009-04-09 13:54           ` Robin Getz
2009-04-09 17:00             ` Matt Mackall
2009-04-10  0:41               ` Robin Getz
2009-04-10  1:29               ` Chris Peterson
2009-04-10  2:27                 ` Matt Mackall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=49DA9EC3.4060903@garzik.org \
    --to=jeff@garzik.org \
    --cc=cpeterso@cpeterso.com \
    --cc=haegar@sdinet.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mpm@selenic.com \
    --cc=netdev@vger.kernel.org \
    --cc=rgetz@blackfin.uclinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.