[clug] entropy

Martijn van Oosterhout kleptog at svana.org
Sat Aug 30 11:10:01 EST 2003


On Sat, Aug 30, 2003 at 08:55:44AM +1000, Kim Holburn wrote:
> Apparently the consensus is that you can't use the network device for
> entropy "because an attacker might potentially control input and make it
> non-random".  Is this possible?  I don't know.

I've always thought this a bit strange. I'm not convinced that an attacker
can control the timing accurately enough to predict the very last bit of the
CPU cycle counter which flips maybe a billion times a second. At this level
you're talking about DRAM latency timings and whether or not things are in
cache. One bit of entropy per network packet would be enough for most
things.

> Anyway one option which we might use is to attach microphones and use the sound to create entropy using audio-entropyd.  
> 
> Has anyone else gone through something similar?

No, though I am curious what your symptoms are because we have some servers
like that.

Basically, you need to find out what *does* count as entropy if network
traffic doesn't. If hard disk interrupts count, maybe a find / from a
cronjob every couple of hours. That's the only easily controllable thing I
can think of.

-- 
Martijn van Oosterhout   <kleptog at svana.org>   http://svana.org/kleptog/
> "All that is needed for the forces of evil to triumph is for enough good
> men to do nothing." - Edmond Burke
> "The penalty good people pay for not being interested in politics is to be
> governed by people worse than themselves." - Plato