[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <49DA91C2.1020106@garzik.org>
Date: Mon, 06 Apr 2009 19:35:30 -0400
From: Jeff Garzik <jeff@...zik.org>
To: Sven-Haegar Koch <haegar@...net.de>
CC: Matt Mackall <mpm@...enic.com>,
Robin Getz <rgetz@...ckfin.uclinux.org>,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Chris Peterson <cpeterso@...terso.com>
Subject: Re: IRQF_SAMPLE_RANDOM question...
Sven-Haegar Koch wrote:
> On Mon, 6 Apr 2009, Matt Mackall wrote:
>
>> On Mon, 2009-04-06 at 14:30 -0400, Robin Getz wrote:
>>> We have lots of embedded headless systems (no keyboard/mouse, no soundcard, no
>>> video) systems with *no* sources of entropy - and people using SSL.
>> I'd rather add a random_sample_network call somewhere reasonably central
>> in the network stack. Then we can use the knowledge that the sample is
>> network-connected in the random core to decide how to measure its
>> entropy. The trouble with IRQF_SAMPLE_RANDOM is that many of its users
>> are technically bogus as entropy sources in the current model.
>>
>> I'm eventually going to move the RNG away from the strict theoretical
>> entropy accounting model to a more pragmatic one which will be much
>> happier with iffy entropy sources, but that's a ways off.
>
> Btw, perhaps not the perfect question in this thread:
> But what should we use to keep servers running without a hardware rng
> available and without any external input besides the network?
> After having ssh and openvpn die because of no random and having
> the machines like dead and unreachable for me I use "ln -sf
> /dev/urandom /dev/random", but that does not feel so good.
We see this question every time IRQF_SAMPLE_RANDOM is discussed.
There is plenty of entropy data available, you just have to look
around... Google around for "EGD", video entropy daemon, audio entropy
daemon, etc...
Even headless servers have entropy sources if you look hard enough.
Jeff
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists