Date: Mon, 18 Dec 2000 21:38:01 +0100
From: Jamie Lokier <[EMAIL PROTECTED]>
David Schwartz wrote:
> The code does its best to estimate how much actual entropy it is gathering.
A potential weakness. The entropy estimator can be manipulated by
feeding data which looks random to the estimator, but which is in fact
not random at all.
Yes, absolutely. That's why you have to be careful before you make
changes to the kernel code to feed additional data to the estimator.
*Usually* relying on interrupt timing is safe, but not always. For
example, an adversary can observe, and in some cases control the
arrivial of network packets which control the network card's interrupt
timings. Is it enough to be able to predict with cpu-counter
resolution the inputs to the /dev/random pool? Maybe; it depends on how
paranoid you are.
Note that writing to /dev/random does *not* update the entropy estimate,
for this very reason. The assumption is that inputs to the entropy
estimator have to be trusted, and since /dev/random is typically
world-writeable, it is not so trusted.
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
