Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 19 Dec 2000 07:22:14 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 19 Dec 2000 07:22:05 -0500 Received: from Cantor.suse.de ([194.112.123.193]:13573 "HELO Cantor.suse.de") by vger.kernel.org with SMTP id ; Tue, 19 Dec 2000 07:21:54 -0500 Date: Tue, 19 Dec 2000 12:49:48 +0100 From: Kurt Garloff To: "Theodore Y. Ts'o" Cc: Linux kernel list Subject: Re: /dev/random: really secure? Message-ID: <20001219124948.P17777@garloff.suse.de> Mail-Followup-To: Kurt Garloff , "Theodore Y. Ts'o" , Linux kernel list In-Reply-To: <20001218213801.A19903@pcep-jamie.cern.ch> <200012182133.QAA02136@tsx-prime.MIT.EDU> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="v9g2r9e2kvGs7M7R" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200012182133.QAA02136@tsx-prime.MIT.EDU>; from tytso@MIT.EDU on Mon, Dec 18, 2000 at 04:33:13PM -0500 X-Operating-System: Linux 2.2.16 i686 X-PGP-Info: on http://www.garloff.de/kurt/mykeys.pgp X-PGP-Key: 1024D/1C98774E, 1024R/CEFC9215 Organization: TUE/NL, SuSE/FRG Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org --v9g2r9e2kvGs7M7R Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 18, 2000 at 04:33:13PM -0500, Theodore Y. Ts'o wrote: > Note that writing to /dev/random does *not* update the entropy estimate, > for this very reason. The assumption is that inputs to the entropy > estimator have to be trusted, and since /dev/random is typically > world-writeable, it is not so trusted. It should not be world-writeable, IMHO. So the only one who can feed entropy there is root, who should know aht (s)he's doing ... Here (SuSE Linux 7.x), it is 644: crw-r--r-- 1 root root 1, 8 Dec 17 22:41 /dev/random crw-r--r-- 1 root root 1, 9 Dec 17 22:41 /dev/urandom Regards, --=20 Kurt Garloff Eindhoven, NL GPG key: See mail header, key servers Linux kernel development SuSE GmbH, Nuernberg, FRG SCSI, Security --v9g2r9e2kvGs7M7R Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6P0tcxmLh6hyYd04RArQPAJwKN0vILGrjo6ErCKw+IW7KEBKVvwCgonFp /6GKWMDwG0LOAURneb+no70= =L/AB -----END PGP SIGNATURE----- --v9g2r9e2kvGs7M7R-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/