From: Martin Dalecki <dalecki@evision-ventures.com>
To: Robert Love <rml@tech9.net>
Cc: Oliver Xymoron <oxymoron@waste.org>,
linux-kernel@vger.kernel.org, riel@conectiva.com.br
Subject: Re: [PATCH] let Net Devices feed Entropy, updated (1/2)
Date: Mon, 20 Aug 2001 12:02:03 +0200 [thread overview]
Message-ID: <3B80E01B.2C61FF8@evision-ventures.com> (raw)
In-Reply-To: <Pine.LNX.4.30.0108182234250.31188-100000@waste.org> <998193404.653.12.camel@phantasy>
Robert Love wrote:
>
> On 18 Aug 2001 22:36:00 -0500, Oliver Xymoron wrote:
> > But your claim is there _is_ entropy. If you think there is, go ahead and
> > use it. Via /dev/urandom. Yes, I know it's theoretically not secure, but
> > then neither is what you're proposing.
>
> I am only continuing this because I want to explain...
>
> I claim there is entropy from what? The difference between interrupts
> for net devices? Everyone agrees that there is. The issues is that an
> external attacker could influence the interrupts to the net device, and
> thus make some assumptions about the state. That is why this patch is
> configurable. Do as you please. As I said, some people want it or need
> it.
I think you are just wrong - nobody really needs this patch. /dev/random
or /dev/urandom ar *both* anyway just complete overkill in terms of
practical security. /dev/urandom is in esp silly, since it is providing
a md5 hash
implementation inside the kernel, which could be *compleatly* and
entierly
done inside user land.
> Again, /dev/urandom is just as "secure" as /dev/random. Its the same
> pool. The same stuff. Except that /dev/random blocks when the entropy
> count hits 0.
>
> Now, this count is purely theoretical, too. Its an estime of the amount
> of entropy -- lack of determinability -- in the pool of bytes.
Wrong. Don't let you confuse yourself by the way the term entropy is
used in
the documentation of /dev/random - it's an abuse of the mathematical
definition anyway. The more appriopriate term there
would be: signal source variability estimate.
> Even when it reaches 0, since the pool is still unknown (only previous
> output may be known) and the output is hashed, its still pretty much
> undeterminable. But mathematically and theoretically, our entropy
> estimate says it is not.
You mean - there is no known algorithm with polynomial time
behaviour enabling us to calculate the next value of this function
from the previous ones - Not more nor less - no pysics and
entropy involved. If you assume this holds true it's mathematically
entierly sufficient that a single only seed value is not known.
next prev parent reply other threads:[~2001-08-20 10:07 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-08-16 4:36 [PATCH] Optionally let Net Devices feed Entropy Robert Love
2001-08-16 4:40 ` [PATCH] 2.4.9-pre4: Optionally let Net Devices feed Entropy (1/2) Robert Love
2001-08-16 4:42 ` [PATCH] 2.4.9-pre4: Optionally let Net Devices feed Entropy (2/2) Robert Love
2001-08-16 4:43 ` [PATCH] 2.4.8-ac5: let Net Devices feed Entropy (1/2) Robert Love
2001-08-16 4:44 ` [PATCH] 2.4.8-ac5: let Net Devices feed Entropy (2/2) Robert Love
2001-08-16 8:50 ` [PATCH] Optionally let Net Devices feed Entropy Francois Romieu
2001-08-16 14:50 ` Robert Love
2001-08-16 17:02 ` Francois Romieu
2001-08-16 19:28 ` Alex Bligh - linux-kernel
2001-08-16 20:19 ` D. Stimits
2001-08-17 0:47 ` Robert Love
2001-08-17 22:56 ` D. Stimits
2001-08-18 5:57 ` Robert Love
2001-08-18 17:44 ` [PATCH] let Net Devices feed Entropy, updated (1/2) Robert Love
2001-08-18 23:41 ` Oliver Xymoron
2001-08-19 0:38 ` Rik van Riel
2001-08-19 3:33 ` Oliver Xymoron
2001-08-19 3:49 ` Robert Love
2001-08-21 7:17 ` Philipp Matthias Hahn
2001-08-19 18:46 ` Mike Castle
2001-08-19 3:12 ` Robert Love
2001-08-19 3:36 ` Oliver Xymoron
2001-08-19 3:41 ` Rik van Riel
2001-08-19 3:57 ` Robert Love
2001-08-19 3:56 ` Robert Love
2001-08-19 14:43 ` lists
2001-08-19 21:34 ` Alex Bligh - linux-kernel
2001-08-19 22:08 ` Entropy from net devices - keyboard & IDE just as 'bad' [was Re: [PATCH] let Net Devices feed Entropy, updated (1/2)] Alex Bligh - linux-kernel
2001-08-19 22:18 ` Alex Bligh - linux-kernel
2001-08-19 22:30 ` David Schwartz
2001-08-19 22:38 ` Alex Bligh - linux-kernel
2001-08-19 22:46 ` David Schwartz
2001-08-20 13:25 ` Alex Bligh - linux-kernel
2001-08-20 19:48 ` David Schwartz
2001-08-21 8:50 ` Alex Bligh - linux-kernel
2001-08-21 7:49 ` David Lang
2001-08-21 9:21 ` Alex Bligh - linux-kernel
2001-08-21 10:06 ` Entropy from net devices - keyboard & IDE just as 'bad' (better timing in random.c) Johan Adolfsson
2001-08-21 18:31 ` Entropy from net devices - keyboard & IDE just as 'bad' [was Re: [PATCH] let Net Devices feed Entropy, updated (1/2)] David Wagner
2001-08-21 21:53 ` Robert Love
2001-08-21 18:29 ` David Wagner
2001-08-21 21:50 ` Robert Love
2001-08-21 21:57 ` Robert Love
2001-08-19 17:08 ` [PATCH] let Net Devices feed Entropy, updated (1/2) Oliver Xymoron
2001-08-19 18:02 ` David Madore
2001-08-19 23:47 ` Oliver Xymoron
2001-08-19 21:19 ` Alex Bligh - linux-kernel
2001-08-19 22:24 ` David Ford
2001-08-20 10:02 ` Martin Dalecki [this message]
2001-08-20 10:34 ` Johan Adolfsson
2001-08-20 10:47 ` Martin Dalecki
2001-08-20 13:07 ` Johan Adolfsson
2001-08-20 13:57 ` Alex Bligh - linux-kernel
2001-08-20 14:25 ` Martin Dalecki
2001-08-21 1:11 ` Theodore Tso
2001-08-21 1:36 ` Richard Gooch
2001-08-21 9:43 ` Martin Dalecki
2001-08-21 9:59 ` Johan Adolfsson
2001-08-21 17:19 ` Richard Gooch
2001-08-21 18:33 ` David Wagner
2001-08-21 4:33 ` Robert Love
2001-08-20 16:15 ` Robert Love
2001-08-20 16:36 ` Robert Love
2001-08-22 6:10 ` Mike Touloumtzis
2001-08-22 6:26 ` Robert Love
2001-08-22 17:27 ` Mike Touloumtzis
2001-08-22 8:54 ` Alex Bligh - linux-kernel
2001-08-22 13:47 ` Chris Friesen
2001-08-19 20:58 ` Alex Bligh - linux-kernel
2001-08-19 22:19 ` Mike Castle
2001-08-19 22:29 ` Alex Bligh - linux-kernel
2001-08-20 2:26 ` Mike Castle
2001-08-20 23:08 ` Tom Rini
2001-08-17 0:47 ` [PATCH] Optionally let Net Devices feed Entropy Robert Love
2001-08-17 14:34 ` Alex Bligh - linux-kernel
2001-08-17 0:47 ` Robert Love
2001-08-17 9:05 ` Francois Romieu
2001-08-17 15:00 ` Alex Bligh - linux-kernel
[not found] <3B80EADC.234B39F0@evision-ventures.com.suse.lists.linux.kernel>
[not found] ` <2248596630.998319423@[10.132.112.53].suse.lists.linux.kernel>
[not found] ` <3B811DD6.9648BE0E@evision-ventures.com.suse.lists.linux.kernel>
[not found] ` <20010820211107.A20957@thunk.org.suse.lists.linux.kernel>
[not found] ` <200108210136.f7L1aa008756@vindaloo.ras.ucalgary.ca.suse.lists.linux.kernel>
2001-08-21 2:14 ` [PATCH] let Net Devices feed Entropy, updated (1/2) Andi Kleen
2001-08-21 3:02 ` Paul Jakma
2001-08-21 3:12 ` Andi Kleen
2001-08-21 3:16 ` David Schwartz
2001-08-21 13:34 ` Paul Jakma
2001-08-21 18:38 ` David Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3B80E01B.2C61FF8@evision-ventures.com \
--to=dalecki@evision-ventures.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oxymoron@waste.org \
--cc=riel@conectiva.com.br \
--cc=rml@tech9.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox