From: Chris Friesen <cfriesen@nortelnetworks.com>
To: David Wagner <daw@mozart.cs.berkeley.edu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Problem with random.c and PPC
Date: Thu, 22 Aug 2002 11:40:42 -0400 [thread overview]
Message-ID: <3D6505FA.4E7F4978@nortelnetworks.com> (raw)
In-Reply-To: ak1l8c$drl$2@abraham.cs.berkeley.edu
David Wagner wrote:
> "If you have an embedded system that is headless, etc., then your
> only remaining source of entropy is /dev/zero."
>
> Well, sometimes there is just no reliable entropy source on hand.
> Maybe it's better to admit that than to fool ourselves.
And if you could time to the nanosecond exactly when each zero was read in, and the latencies in
this reading are varying with the rest of the workload on the machine, then yes, you can get entropy
reading from /dev/zero.
I submit that if you have an attacker with the resources to model and predict your interrupt
handling down to the timing of the pci bus (ie 30 nanoseconds) from across the other end of your LAN
then you will probably have the resources to use a hardware RNG. If you don't have those resources,
chances are good that your competitors don't have the ability to do the requesite network
modelling/influencing.
It's a calculated risk, but I would argue that some security (even if theoretically compromiseable)
is better than none.
Chris
--
Chris Friesen | MailStop: 043/33/F10
Nortel Networks | work: (613) 765-0557
3500 Carling Avenue | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada | email: cfriesen@nortelnetworks.com
next prev parent reply other threads:[~2002-08-22 15:36 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-08-16 10:00 Problem with random.c and PPC Jon Burgess
2002-08-16 19:52 ` Oliver Xymoron
2002-08-16 17:51 ` henrique
2002-08-16 21:21 ` Ruth Ivimey-Cook
2002-08-17 0:47 ` Oliver Xymoron
2002-08-17 0:45 ` Oliver Xymoron
2002-08-17 6:05 ` Andreas Dilger
2002-08-17 7:23 ` Oliver Xymoron
2002-08-17 9:09 ` Andreas Dilger
2002-08-17 16:56 ` Oliver Xymoron
2002-08-19 9:29 ` Marco Colombo
2002-08-19 14:02 ` Oliver Xymoron
2002-08-19 15:11 ` Marco Colombo
2002-08-19 15:29 ` Oliver Xymoron
2002-08-19 16:20 ` Marco Colombo
2002-08-19 16:33 ` Oliver Xymoron
2002-08-19 20:23 ` Marco Colombo
2002-08-22 3:16 ` David Wagner
2002-08-16 20:52 ` Chris Friesen
2002-08-17 0:29 ` Oliver Xymoron
2002-08-22 3:19 ` David Wagner
2002-08-22 15:40 ` Chris Friesen [this message]
2002-08-22 17:25 ` Remco Post
-- strict thread matches above, loose matches on Subject: below --
2002-08-15 16:10 henrique
2002-08-15 15:14 henrique
2002-08-15 18:25 ` Andreas Dilger
2002-08-15 19:03 ` Tom Rini
2002-08-15 19:59 ` Andreas Dilger
2002-08-15 21:04 ` Tom Rini
2002-08-16 1:50 ` H. Peter Anvin
2002-08-16 16:33 ` Oliver Xymoron
2002-08-16 16:28 ` Oliver Xymoron
[not found] ` <20020816170126.GD26993@opus.bloom.county>
2002-08-16 17:15 ` Oliver Xymoron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3D6505FA.4E7F4978@nortelnetworks.com \
--to=cfriesen@nortelnetworks.com \
--cc=daw@mozart.cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox