From mboxrd@z Thu Jan 1 00:00:00 1970 From: Theodore Tso Subject: Re: [PATCH] drivers/net: remove network drivers' last few uses ofIRQF_SAMPLE_RANDOM Date: Sun, 18 May 2008 08:24:10 -0400 Message-ID: <20080518122410.GA31413@mit.edu> References: <20080515142154.0595e475@core> <36D9DB17C6DE9E40B059440DB8D95F52052D71BB@orsmsx418.amr.corp.intel.com> <482C7B18.6060003@garzik.org> <482C7E53.3050300@hp.com> <482C8184.2030906@garzik.org> <20080516161029.44ded734@core> <0f7201c8b790$9c2a2340$f9b5a8c0@pii350> <20080517220258.GC8140@cs181133002.pp.htv.fi> <10a001c8b8b2$28afd2c0$f9b5a8c0@pii350> <20080518120235.GE8140@cs181133002.pp.htv.fi> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Gilles Espinasse , netdev@vger.kernel.org, linux-kernel@vger.kernel.org To: Adrian Bunk Return-path: Received: from www.church-of-our-saviour.org ([69.25.196.31]:57878 "EHLO thunker.thunk.org" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1762759AbYERMYV (ORCPT ); Sun, 18 May 2008 08:24:21 -0400 Content-Disposition: inline In-Reply-To: <20080518120235.GE8140@cs181133002.pp.htv.fi> Sender: netdev-owner@vger.kernel.org List-ID: On Sun, May 18, 2008 at 03:02:36PM +0300, Adrian Bunk wrote: > > Yes that's the whole point. > > Why remove IRQF_SAMPLE_RANDOM if "it cannot make the RNG output worse." > > We should not care if network traffic can be sniffed in some configurations > > (plus sniffing could be very unlikely in some others). > >... > > Are network drivers better without SAMPLE_RANDOM? > > My understanding of openssl developper answer is same as yours : > > "it cannot make the RNG output worse." > > The "it cannot make the RNG output worse." only applies to the OpenSSL > case (one could argue whether it makes sense, but it can't do harm). Actually, it applies here too. Or it can be made to apply here. If people are concerned that for certain cards the entropy could potentially be guessed by someone on the local network (although I suspect it's still useful for protecting against someone who doesn't have local network access), we could still sample the entropy, and just not increment the entropy credit for /dev/random's sake. It will still put something into the entropy pool which is also used by /dev/urandom. > The replacement solution ready on all Linux machines today is for > userspace to use /dev/urandom instead of /dev/random if feasible. Sampling interrupt entropy will definitely not hurt /dev/urandon, and may help, especially in the freshly installed server case. Especially if it's using kickstart-style install, where there is no keyboard entropy, sampling the interrupts as it pulls RPM's from the network and/or the CD-ROM drive may be all that we have. - Ted