Message-ID: <20080518120235.GE8140@cs181133002.pp.htv.fi>
Date: Sun, 18 May 2008 15:02:36 +0300
From: Adrian Bunk <bunk@...nel.org>
To: Gilles Espinasse <g.esp@...e.fr>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM

On Sun, May 18, 2008 at 08:41:10AM +0200, Gilles Espinasse wrote:
> > On Fri, May 16, 2008 at 10:08:29PM +0200, Gilles Espinasse wrote:
> > >
> > > That's funny
> > > It does look to disturb some kernel developer that ethernet may be sniffed
> > > to feed a RNG
> > > even that could be very hard to reach any effective result in the case of a
> > > machine splitting different network segments.
> > >
> > > In the same time, it does not disturb openssl developers to include non
> > > initialised memory that may or may not be predictable to feed a RNG.
> > > http://marc.info/?l=openssl-dev&m=121095151003011&w=2
> >
> > Why should it disturb them?
> >
> > As is explained in the email you quote it cannot make the RNG
> > output worse.
> >
> Yes that's the whole point.
> Why remove IRQF_SAMPLE_RANDOM if "it cannot make the RNG output worse."
> We should not care if network traffic can be sniffed in some configurations
> (plus sniffing could be very unlikely in some others).
>...
> Are network drivers better without SAMPLE_RANDOM?
> My understanding of openssl developer answer is same as yours:
> "it cannot make the RNG output worse."

The "it cannot make the RNG output worse." only applies to the OpenSSL
case (one could argue whether it makes sense, but it can't do harm).
IRQF_SAMPLE_RANDOM and what was discussed in this email on the OpenSSL
mailing list are two completely different subjects, and you completely
miss the problem when you mix them.

> So why remove SAMPLE_RANDOM on network cards today if there is no
> replacement solution ready for x% of machines running linux actually?
>...

The replacement solution ready on all Linux machines today is for
userspace to use /dev/urandom instead of /dev/random if feasible.

> Gilles

cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed