Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751178AbWEERNc (ORCPT ); Fri, 5 May 2006 13:13:32 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751163AbWEERNc (ORCPT ); Fri, 5 May 2006 13:13:32 -0400 Received: from smtpout.mac.com ([17.250.248.185]:28875 "EHLO smtpout.mac.com") by vger.kernel.org with ESMTP id S1751178AbWEERNc (ORCPT ); Fri, 5 May 2006 13:13:32 -0400 In-Reply-To: <8.420169009@selenic.com> References: <8.420169009@selenic.com> Mime-Version: 1.0 (Apple Message framework v746.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <65CF7F44-0452-4E94-8FC1-03B024BCCAE7@mac.com> Cc: Andrew Morton , linux-kernel@vger.kernel.org, davem@davemloft.net Content-Transfer-Encoding: 7bit From: Kyle Moffett Subject: Re: [PATCH 7/14] random: Remove SA_SAMPLE_RANDOM from network drivers Date: Fri, 5 May 2006 13:13:23 -0400 To: Matt Mackall X-Mailer: Apple Mail (2.746.3) Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1682 Lines: 34 On May 5, 2006, at 12:42:35, Matt Mackall wrote: > Remove SA_SAMPLE_RANDOM from network drivers > > /dev/random wants entropy sources to be both unpredictable and > unobservable. Network devices are neither as they may be directly > observed and controlled by an attacker. Thus SA_SAMPLE_RANDOM is > not appropriate. I thought I saw an analysis somewhere of why it was actually OK to include randomness from network devices (or even basically any interrupt source that isn't periodic on a fundamental hardware level). It had something to do with investigating interrupt arrival time from real-time network traffic; they hooked a logic analyzer of sorts up to the physical ethernet cable itself and to the system bus of the destination computer (and wrote software that recorded a TSC timestamp of every interrupt). Essentially the interaction between the occasional ethernet retransmission, variable internal network card latencies and queues, variable CPU-dependent interrupt latencies, critical sections in the OS, etc, plus the high-resolution nature of the TSC used for a seed value made it a chaotic system and basically cryptographically impossible to predict the interrupt data. It's possible that the analysis I saw was later proven incorrect; but I'd be interested if you've seen some paper or research on the topic that I haven't, I'd be interested in references. Cheers, Kyle Moffett - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/