lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 06 Apr 2009 19:35:30 -0400
From:	Jeff Garzik <jeff@...zik.org>
To:	Sven-Haegar Koch <haegar@...net.de>
CC:	Matt Mackall <mpm@...enic.com>,
	Robin Getz <rgetz@...ckfin.uclinux.org>,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	Chris Peterson <cpeterso@...terso.com>
Subject: Re: IRQF_SAMPLE_RANDOM question...

Sven-Haegar Koch wrote:
> On Mon, 6 Apr 2009, Matt Mackall wrote:
> 
>> On Mon, 2009-04-06 at 14:30 -0400, Robin Getz wrote:
>>> We have lots of embedded headless systems (no keyboard/mouse, no soundcard, no 
>>> video) systems with *no* sources of entropy - and people using SSL.
>> I'd rather add a random_sample_network call somewhere reasonably central
>> in the network stack. Then we can use the knowledge that the sample is
>> network-connected in the random core to decide how to measure its
>> entropy. The trouble with IRQF_SAMPLE_RANDOM is that many of its users
>> are technically bogus as entropy sources in the current model.
>>
>> I'm eventually going to move the RNG away from the strict theoretical
>> entropy accounting model to a more pragmatic one which will be much
>> happier with iffy entropy sources, but that's a ways off.
> 
> Btw, perhaps not the perfect question in this thread:
> But what should we use to keep servers running without a hardware rng 
> available and without any external input besides the network?
> After having ssh and openvpn die because of no random and having 
> the machines like dead and unreachable for me I use "ln -sf 
> /dev/urandom /dev/random", but that does not feel so good.

We see this question every time IRQF_SAMPLE_RANDOM is discussed.

There is plenty of entropy data available, you just have to look 
around...  Google around for "EGD", video entropy daemon, audio entropy 
daemon, etc...

Even headless servers have entropy sources if you look hard enough.

	Jeff


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ