| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Nov 2006 13:54:59 -0500 From: Phillip Susi <psusi@....rr.com> To: Chris Friesen <cfriesen@...tel.com> CC: G.Ohrner@...t.rwth-aachen.de, linux-kernel@...r.kernel.org Subject: Re: Entropy Pool Contents Chris Friesen wrote: > I believe the idea was that you don't want random users being able to > artificially inflate your entropy count. So the kernel tries to make > use of entropy entered by regular users (by stirring it into the pool) > but it doesn't increase the entropy estimate unless root says its okay. Why are non root users allowed write access in the first place? Can't the pollute the entropy pool and thus actually REDUCE the amount of good entropy? It seems to me that only root should have write access in the first place because of this, and thus, anything root writes should increase the entropy count since one can assume that root is supplying good random data for the purpose of increasing the entropy count. I was planning on just setting up a little root cron script to pull some random data from another machine on the network to add to the local pool, then push some random data back to the other machine to increase its pool, but found that this doesn't work due to this restriction. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists