public inbox for linux-kernel@vger.kernel.org
From: Rob Landley <rob@landley.net>
To: user-mode-linux-devel@lists.sourceforge.net
Cc: Jeff Dike <jdike@addtoit.com>,
	akpm@osdl.org, linux-kernel@vger.kernel.org
Subject: Re: [uml-devel] [PATCH 3/9] UML - "Hardware" random number generator
Date: Thu, 10 Mar 2005 13:41:37 -0500
Message-ID: <200503101341.37346.rob@landley.net>
In-Reply-To: <200503100215.j2A2FuDN015227@ccure.user-mode-linux.org>

On Wednesday 09 March 2005 09:15 pm, Jeff Dike wrote:
> This implements a hardware random number generator for UML which attaches
> itself to the host's /dev/random.

Direct use of /dev/random always makes me nervous.  I've had a recurring 
problem with /dev/random blocking, and generally configure as much as 
possible to use /dev/urandom instead.  It's really easy for a normal user to 
drain the /dev/random entropy pool on a server (at least one that doesn't 
have a sound card you can tell it to read white noise from).  cat /dev/random > /dev/null

I like /dev/urandom because it'll feed you as much entropy as it's got, but 
won't block, and will presumably round-robin insert real entropy in the 
streams that multiple users get from /dev/urandom.  (I realize this may not 
be the best place to get gpg keys from.)

I'm just thinking about those UML hosting farms, with several UML instances 
per machine, on machines which haven't got a keyboard attached constantly 
feeding entropy into the pool.  If just ONE of them is serving ssl 
connections from its own /dev/urandom, that would drain the /dev/random 
entropy pool on the host machine almost immediately...

Admittedly if UML used /dev/urandom instead of /dev/random, it wouldn't know 
how much "real" randomness it was getting and how much synthetic randomness, 
but this makes predicting the numbers it's producing easier how?

Rob
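The blocking behaviour Rob describes is easy to make visible from userspace, and a consumer that wants host entropy without stalling can handle it explicitly. The following program is an added example written for this archive page; it is not part of Jeff Dike's patch or of UML. It reads the host's entropy estimate from /proc/sys/kernel/random/entropy_avail, then opens /dev/random with O_NONBLOCK so a drained pool surfaces as EAGAIN instead of a hang, and tops up the buffer from /dev/urandom in that case. The function names, the enum and the 32-byte request size are this example's own choices.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Which device supplied the last bytes of a request (example's own enum). */
enum rnd_source { RND_NONE = 0, RND_RANDOM = 1, RND_URANDOM = 2 };

/* Read the kernel's current entropy estimate (bits). Returns -1 when the
 * procfs file is unavailable, e.g. on a non-Linux host or a locked-down
 * container; callers treat -1 as "unknown", not as "empty". */
long read_entropy_avail(void)
{
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    long avail = -1;
    if (f == NULL)
        return -1;
    if (fscanf(f, "%ld", &avail) != 1)
        avail = -1;
    fclose(f);
    return avail;
}

/* Fill buf[0..len) from the given fd until it is full or the device
 * refuses (EAGAIN on a drained non-blocking /dev/random, or a hard error).
 * Returns the number of bytes added to *got. */
static size_t drain_fd(int fd, unsigned char *buf, size_t len, size_t *got)
{
    size_t start = *got;
    while (*got < len) {
        ssize_t n = read(fd, buf + *got, len - *got);
        if (n > 0) { *got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        break;  /* EAGAIN, EOF or a real error: stop and let the caller decide */
    }
    return *got - start;
}

/* Obtain len random bytes without ever blocking the caller.
 * /dev/random is tried first in non-blocking mode; whatever it cannot
 * supply right now is taken from /dev/urandom. Returns len on success,
 * -1 if neither device yielded anything; *src reports the last source used. */
ssize_t read_random_nonblocking(unsigned char *buf, size_t len, enum rnd_source *src)
{
    size_t got = 0;
    *src = RND_NONE;

    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    if (fd >= 0) {
        if (drain_fd(fd, buf, len, &got) > 0)
            *src = RND_RANDOM;
        close(fd);
    }
    if (got == len)
        return (ssize_t)got;

    /* Pool drained (or /dev/random absent): fall back to the non-blocking pool. */
    fd = open("/dev/urandom", O_RDONLY);
    if (fd >= 0) {
        if (drain_fd(fd, buf, len, &got) > 0)
            *src = RND_URANDOM;
        close(fd);
    }
    return got > 0 ? (ssize_t)got : -1;
}

/* Self-check used by the demo: 1 if a full 32-byte request was satisfied
 * by one of the two known devices, 0 otherwise. */
int demo_fill_ok(void)
{
    unsigned char buf[32];
    enum rnd_source src;
    ssize_t n = read_random_nonblocking(buf, sizeof buf, &src);
    return n == (ssize_t)sizeof buf && (src == RND_RANDOM || src == RND_URANDOM);
}

int main(void)
{
    unsigned char buf[32];
    enum rnd_source src;
    printf("entropy_avail before read: %ld\n", read_entropy_avail());
    ssize_t n = read_random_nonblocking(buf, sizeof buf, &src);
    printf("got %zd bytes, last source: %s\n", n,
           src == RND_RANDOM ? "/dev/random" :
           src == RND_URANDOM ? "/dev/urandom" : "none");
    printf("entropy_avail after read:  %ld\n", read_entropy_avail());
    return n == (ssize_t)sizeof buf ? 0 : 1;
}
```

Running this on a busy host shows the point of the thread: when entropy_avail is low, the non-blocking /dev/random read returns short and the fallback supplies the rest, whereas a driver that opens /dev/random in blocking mode simply stalls until other activity refills the pool. On kernels from 5.6 onward /dev/random no longer blocks once the pool is initially seeded, so on a current host the fallback path is rarely taken, but the O_NONBLOCK open is still the honest way for a consumer to learn that it was about to be starved.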


Thread overview: 6+ messages
2005-03-10  2:15 [PATCH 3/9] UML - "Hardware" random number generator Jeff Dike
2005-03-10 18:41 ` Rob Landley [this message]
2005-03-11 18:45   ` [uml-devel] " Jeff Dike
2005-03-11 19:04     ` Chris Friesen
2005-03-11 18:54   ` Blaisorblade
2005-03-11 20:23   ` Bill Davidsen
