| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 May 2008 11:28:25 +0200 From: Helge Hafting <helge.hafting@...el.hist.no> To: Andi Kleen <andi@...stfloor.org> CC: Herbert Xu <herbert@...dor.apana.org.au>, Alan Cox <alan@...rguk.ukuu.org.uk>, Jeff Garzik <jeff@...zik.org>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, "Brandeburg, Jesse" <jesse.brandeburg@...el.com>, Chris Peterson <cpeterso@...terso.com>, tpmdd-devel@...ts.sourceforge.net, tpm@...horst.net Subject: Re: [PATCH] Re: [PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM Andi Kleen wrote: > Herbert Xu wrote: > >> >> You can continue to feed data into the pool even if it fails the >> test. You just keep the entropy value same as before. >> > > You could do that, but what advantage would it have? I don't think it's > worth running the FIPS test, or rather requiring the user land daemon > and leaving behind most of the userbase just for this. > Security through obfuscation? Someone trying to predict the RNG can do so in theory, but if they have to keep track of network timings, disk activity, and 5 other things, then chances are that they fail ofen enough even if the attack is possible "in theory". Helge Hafting -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists