lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 4 Dec 2007 17:03:16 -0500
From:	Theodore Tso <tytso@....edu>
To:	Mike McGrath <mmcgrath@...hat.com>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Matt Mackall <mpm@...enic.com>, Ray Lee <ray@...rabbit.org>,
	Adrian Bunk <bunk@...nel.org>,
	Marc Haber <mh+linux-kernel@...schlus.de>,
	linux-kernel@...r.kernel.org
Subject: Re: Why does reading from /dev/urandom deplete entropy so much?

On Tue, Dec 04, 2007 at 02:48:12PM -0600, Mike McGrath wrote:
> Alan Cox wrote:
>>> Here's the top 5:
>>>
>>>    266 28caf2c3-9766-4fe1-9e4c-d6b0ba8a0132
>>>    336 810e7126-1c69-4aff-b8b1-9db0fa8aa15a
>>>    402 c8dbb9d3-a9bd-4ba6-b92e-4a294ba5a95f
>>>    884 06e84493-e024-44b1-9b32-32d78af04039
>>>    931 e2b67e1d-e325-4740-b938-795addb45280
>>>
>>> The left number is times this month someone has submitted a profile with
>>> that UUID.  If we take the last one as an example has come from over 800
>>> IP's in the last 20 days.  It seems very unlikely that one person would
>>> find his way to 800 different IP's this month.  Let me know if you'd
>>> like more.
>>>     
> Background - Smolt runs this during its install:
>
> /bin/cat /proc/sys/kernel/random/uuid > /etc/sysconfig/hw-uuid
>
> For most users this would be run by the RPM %post scripts during install 
> from anaconda. For some reason there are some UUID's (like those listed 
> above) that come up more often then it seems they should if they are truly 
> random.

Would this be by any chance using kickstart where there is no user
interaction, and no way of gathering entropy during the install process?
The random number generator isn't *magic* you know....

	     	    	   	     	     	    - Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ