[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-devel] Re: [debian-devel] Re: SSP for Debian unstable. was Re: security enhanced debian branch?

A levelezőm azt hiszi, hogy John Hasler a következőeket írta:
> > -an "entropy friendly" /dev/?random for "not so important for security"
> Your "not so important for security" programs will suck up all the entropy

By "entropy friendly" I meant an implementation which trades off using
less entropy for being a bit more predictable. I guess that a
"cryptographycally good" (in the sense /dev/urandom works when there
is no entropy) random number generator reseeded only now and then
might be enough in some cases for generating those magic values to the stack.
It depends on two factors I can think of:
-The desperation of the attacker. It is site-dependent.
-The "next best" way to crack the program. I am definitely not expert
 in cryptography, but given the fact that stack smashing is only one way to
 make the program go crazy, the needed amount of entropy might be quite low
 to keep stack smashing as not the best.

> via /dev/urandom and then keep going, running on what they get from the prng.
> Meanwhile, the important programs that were depending on /dev/random will
> be stalled, waiting for the entropy pool to refill.
> Perhaps the kernel should cut /dev/urandom off from the entropy pool when
> it reaches some low-water mark. 

It is one way to create such an entropy-friendly device.

GNU GPL: csak tiszta forrásból

Reply to: