Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 19 Dec 2000 23:19:50 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 19 Dec 2000 23:19:40 -0500 Received: from quechua.inka.de ([212.227.14.2]:12600 "EHLO mail.inka.de") by vger.kernel.org with ESMTP id ; Tue, 19 Dec 2000 23:19:31 -0500 From: Bernd Eckenfels To: linux-kernel@vger.kernel.org Subject: Re: /dev/random: really secure? Message-Id: Date: Wed, 20 Dec 2000 04:49:03 +0100 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org In article <20001218102218.A428@albireo.ucw.cz> you wrote: > Even if you were able to predict all entropy sources, to predict the generated > random numbers you would need to invert the cryptographic hash used there. If you can predict ALL input in the pool, including the initial boot state you can just rerun the PNRG algorithm and get the random numbers (as long as you even can predict read access to the device). But thats not the real-world Attack. The Real world attack is more to reduce the randomness in terms of stochastic tests can detect some patterns like unequal distribution or cycles. Those will lower the strengt of some algorithms... Greetings Bernd - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/