Re: Sources of entropy - /dev/random problem for network servers

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: daw@mozart.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: Sources of entropy - /dev/random problem for network servers
Date: 9 Apr 2001 06:17:12 GMT	[thread overview]
Message-ID: <9ark58$133$1@abraham.cs.berkeley.edu> (raw)
In-Reply-To: <1457842476.986773581@[195.224.237.69]>

Alex Bligh - linux-kernel  wrote:
>In debugging why my (unloaded) IMAP server takes many seconds
>to open folders, I discovered what looks like a problem
>in 2.4's feeding of entropy into /dev/random. When there
>is insufficient entropy in the random number generator,
>reading from /dev/random blocks for several seconds. /dev/random
>is used (correctly) for crytographic key verification.

Use /dev/urandom, or buy a hardware RNG.

>However, only 3 drivers in drivers/net actually set
>SA_SAMPLE_RANDOM when calling request_irq(). I believe
>all of them should. And indeed this fixed the problem for
>me using an eepro100().

This is unsafe.  The time that packets arrive is not secret:
anyone who can run a sniffer on your network can potentially
recover this information.  Thus, such timings are unsuitable
for introduction into the entropy pool.

(More precisely, there's no harm in adding them to the entropy
pool if they are added in a way so that the /dev/random pool
doesn't increment its estimate of how much entropy it has
collected.  The real harm comes when you bump up the randomness
counter based on them, and if I understand your proposed change,
this is what it's doing.)

next prev parent reply	other threads:[~2001-04-09  6:25 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-04-08 22:46 Sources of entropy - /dev/random problem for network servers Alex Bligh - linux-kernel
2001-04-08 23:33 ` Jeff Garzik
2001-04-09  7:59   ` Alex Bligh - linux-kernel
2001-04-09  0:15 ` Andi Kleen
2001-04-09  6:17 ` David Wagner [this message]
  -- strict thread matches above, loose matches on Subject: below --
2001-04-09 11:04 Heusden, Folkert van
2001-04-10  5:37 ` idalton
2001-04-10 13:56 Heusden, Folkert van

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='9ark58$133$1@abraham.cs.berkeley.edu' \
    --to=daw@mozart.cs.berkeley.edu \
    --cc=daw@cs.berkeley.edu \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox