[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSP for Debian unstable. was Re: security enhanced debian branch?

On Mon, 5 Jan 2004 01:33, Jochen Voss <voss@seehuhn.de> wrote:
> On Sun, Jan 04, 2004 at 02:01:52PM +0100, Richard Atterer wrote:
> > But surely depleted entropy is only a concern for /dev/random, not
> > /dev/urandom? AFAIK, the latter uses a PRNG, which outputs arbitrary
> > amounts of pseudo-random data.
> No, /dev/urandom shares the entropy pool with /dev/random and
> will eventually drain it, too.  The initial comment of the

If an application deserves access to /dev/urandom should they also deserve 
access to /dev/random?

It seems to me that an application which wanted to drain the entropy pool 
could just schedule reads from /dev/random and know it's done the job when it 
starts to block.  In 2.6.0 it seems that this does not cause any noticable 
use of CPU time or any other symptom that would lead an administrator to 
suspect such an attack.  Reading from /dev/urandom leads to high CPU use, and 
even so it will be difficult for an attacker to know that they have 

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: