From: Robert Love <rml@tech9.net>
To: Alex Bligh - linux-kernel <linux-kernel@alex.org.uk>
Cc: Steve Hill <steve@navaho.co.uk>, linux-kernel@vger.kernel.org
Subject: Re: /dev/random in 2.4.6
Date: 15 Aug 2001 16:55:53 -0400
Message-ID: <997908956.733.102.camel@phantasy>
In-Reply-To: <125898493.997907155@[169.254.45.213]>
In-Reply-To: <Pine.LNX.4.21.0108151605180.2107-100000@sorbus.navaho> <125898493.997907155@[169.254.45.213]>

On 15 Aug 2001 20:25:56 +0100, Alex Bligh - linux-kernel wrote:
> I'd prefer a single /proc/ entry to turn entropy on from ALL network
> devices for precisely the reason you state (SCSI means no IDE
> entity either), even if it's off by default for ALL network
> devices for paranoia reasons, but there seems to be some religious
> issue at play which means the state currently depends on which
> brand of network card you have.

This is a _very_ good idea and one I suspect most people won't find
fault with.

Personally, I want entropy gathering enabled for my network devices.
While I disagree that there is any chance in hell that a remote intruder
can influence the entropy pool in a manner where the returned hash is
able to be determined, I understand some people don't want entropy
gathering enabled on their NICs.

There are two approaches to this. Neither idea would be too hard.

Method one, your idea, would have us add SA_SAMPLE_NET_RANDOM to each
NIC's request_irq call. The random gatherer would then need to be made
aware of the sysctl and check and add/remove interrupts derived from
NICs as needed. This would require a bit of recoding (take a look at
request_irq and random.c).

Note we can't do the check once in request_irq because this is only
called once. Anything loaded before the sysctl was set would be out of
luck (note this is anything not a module). Additionally, we wouldn't be
able to change the sysctl on the fly and have the NICs start/stop adding
entropy.

An easier, although less robust idea (although one I like) is a
configure statement "Gather entropy using Network Devices". Then we add
SA_SAMPLE_NET_RANDOM to each NIC's request_irq flags and define it like
this:

#ifdef CONFIG_USE_NET_ENTRY
#define SA_SAMPLE_NET_RANDOM SA_SAMPLE_RANDOM
#else
#define SA_SAMPLE_NET_RANDOM 0
#endif

and voila. No extra code after compile, everyone can choose, and who
would complain? Those who want the entropy, will get it.

--
Robert M. Love
rml at ufl.edu
rml at tech9.net
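
Added example, not part of the message above and not kernel code: a userspace C model of the point made about method one, that the sysctl has to be consulted when the interrupt is sampled rather than once at request_irq time. The flag values, the sysctl variable and every function name here are constructed for the model.

```c
#include <stdio.h>

#define SA_SAMPLE_RANDOM     0x1u  /* constructed value for this model */
#define SA_SAMPLE_NET_RANDOM 0x2u  /* method one: distinct, runtime-gated flag */
#define MAX_IRQ 16

static unsigned int irq_flags[MAX_IRQ]; /* flags recorded at registration */
static int sysctl_net_entropy;          /* hypothetical sysctl, 0 = off */
static unsigned int samples[MAX_IRQ];   /* samples taken per IRQ line */

/* Variant the mail rules out: evaluate the sysctl once, at registration. */
static void register_irq_check_once(int irq, unsigned int flags)
{
    if ((flags & SA_SAMPLE_NET_RANDOM) && sysctl_net_entropy)
        flags |= SA_SAMPLE_RANDOM;
    irq_flags[irq] = flags & ~SA_SAMPLE_NET_RANDOM;
}

/* Method one: keep the NIC flag; the sampler decides on every interrupt. */
static void register_irq(int irq, unsigned int flags)
{
    irq_flags[irq] = flags;
}

static void handle_irq(int irq)
{
    unsigned int f = irq_flags[irq];
    if ((f & SA_SAMPLE_RANDOM) ||
        ((f & SA_SAMPLE_NET_RANDOM) && sysctl_net_entropy))
        samples[irq]++;  /* stands in for feeding the entropy pool */
}

/* A built-in NIC driver registers while the sysctl is still off; the
 * sysctl is then enabled and n interrupts arrive. Returns samples taken. */
unsigned int nic_samples_after_toggle(int check_once, int n)
{
    int irq = 5, i;
    samples[irq] = 0;
    sysctl_net_entropy = 0;
    if (check_once) register_irq_check_once(irq, SA_SAMPLE_NET_RANDOM);
    else            register_irq(irq, SA_SAMPLE_NET_RANDOM);
    sysctl_net_entropy = 1;
    for (i = 0; i < n; i++) handle_irq(irq);
    return samples[irq];
}

int main(void)
{
    printf("check at registration: %u\n", nic_samples_after_toggle(1, 100));
    printf("check per interrupt:   %u\n", nic_samples_after_toggle(0, 100));
    return 0;
}
```
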