Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 21 Aug 2002 08:43:38 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 21 Aug 2002 08:43:38 -0400 Received: from waste.org ([209.173.204.2]:22235 "EHLO waste.org") by vger.kernel.org with ESMTP id ; Wed, 21 Aug 2002 08:43:37 -0400 Date: Wed, 21 Aug 2002 07:47:38 -0500 From: Oliver Xymoron To: Rogier Wolff Cc: Linus Torvalds , linux-kernel Subject: Re: [PATCH] (0/4) Entropy accounting fixes Message-ID: <20020821124738.GB12128@waste.org> References: <20020818025913.GF21643@waste.org> <20020821104410.A25461@bitwizard.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020821104410.A25461@bitwizard.nl> User-Agent: Mutt/1.3.28i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2079 Lines: 45 On Wed, Aug 21, 2002 at 10:44:10AM +0200, Rogier Wolff wrote: > On Sat, Aug 17, 2002 at 08:08:36PM -0700, Linus Torvalds wrote: > > > > On Sat, 17 Aug 2002, Oliver Xymoron wrote: > > > > > > Let me clarify that 2-5 orders thing. The kernel trusts about 10 times > > > as many samples as it should, and overestimates each samples' entropy > > > by about a factor of 10 (on x86 with TSC) or 1.3 (using 1kHz jiffies). > > > > Lookin gat the code, your _new_ code just throws samples away _entirely_ > > just because some random event hasn't happened (the first thing I noticed > > was the context switch testing, there may be others there that I just > > didn't react to). > > Oliver, > > Let me state that with a proper mixing function you should always > mix in possible entropy sources, even if they CAN be controlled > from the outside. > > If you mistrust the source, feel free to add (almost) zero to the > "proven entropy". > > Now, how about keeping both a conservative and a bit more liberal > count of the entropy in the pool? Then we can have three device > nodes, which provide random entropy. One should follow YOUR rules, > and can only be used on desktop machines with humans typing and > mousing at the console (that's your proposition for "random"). > The other is useful for random numbers for keys and such (that's > our current "random"). The last is our old urandom. My current version adds a sysctl that lets you assign between 0.01 and 1 bits to untrusted sources, defaulting to 0. Headless folks without hardware RNGs can use it to get ample amounts of entropy from network packets (together with patches that turn on SA_SAMPLE_RANDOM for NICs). I believe this should be acceptable to all parties - I'll resend sometime soon. -- "Love the dolphins," she advised him. "Write by W.A.S.T.E.." - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/