
Re: SSP for Debian unstable. was Re: security enhanced debian branch?



Hello,

On Mon, Jan 05, 2004 at 05:44:59PM +1100, Russell Coker wrote:
> If an application deserves access to /dev/urandom should they also deserve 
> access to /dev/random?
I have no strong opinion about this, but your explanation
below seems to suggest a "no" to me.  But then the question
may be not so relevant.  The problem description, again
from the kernel sources, is:

    If this estimate [for the remaining entropy] goes to zero, the
    routine can still generate random numbers; however, an attacker
    may (at least in theory) be able to infer the future output of the
    generator from prior outputs.  This requires successful
    cryptanalysis of SHA, which is not believed to be feasible, but
    there is a remote possibility. ...

So if restricting access to /dev/random causes problems, it
may not be worth the trouble.

> It seems to me that an application which wanted to drain the entropy pool 
> could just schedule reads from /dev/random and know it's done the job when it 
> starts to block.  In 2.6.0 it seems that this does not cause any noticeable 
> use of CPU time or any other symptom that would lead an administrator to 
> suspect such an attack.  Reading from /dev/urandom leads to high CPU use, and 
> even so it will be difficult for an attacker to know that they have 
> succeeded.

Jochen
-- 
http://seehuhn.de/
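
Added example, not part of the original message or of the kernel sources: since the drain described in the quoted text shows no CPU symptom, one thing an administrator can watch is the kernel's own entropy estimate in /proc/sys/kernel/random/entropy_avail. The threshold, run length, function names and sample readings below are assumptions made for illustration.

```python
from pathlib import Path

# Kernel's running estimate of the entropy left in the pool, in bits.
ENTROPY_AVAIL = Path("/proc/sys/kernel/random/entropy_avail")


def read_entropy_avail(path=ENTROPY_AVAIL):
    """Return the current estimate in bits, or None if it cannot be read."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None


def find_depletion(samples, low_bits=64, min_run=3):
    """Find sustained low-entropy episodes in (timestamp, bits) samples.

    A single low reading is normal (a key was just generated); an episode is
    min_run or more consecutive readings below low_bits. Both values are
    assumed defaults, to be tuned per host.
    Returns a list of (start_ts, end_ts, lowest_bits).
    """
    episodes, run = [], []
    for ts, bits in list(samples) + [(None, low_bits)]:  # sentinel closes a trailing run
        if bits < low_bits:
            run.append((ts, bits))
            continue
        if len(run) >= min_run:
            episodes.append((run[0][0], run[-1][0], min(b for _, b in run)))
        run = []
    return episodes


# Constructed readings (seconds since start, bits): one sustained drain
# from t=20 to t=50, then an isolated dip at t=70 that is not reported.
SAMPLES = [(0, 3100), (10, 2950), (20, 40), (30, 12), (40, 0),
           (50, 8), (60, 1800), (70, 30), (80, 2200)]

if __name__ == "__main__":
    for start, end, lowest in find_depletion(SAMPLES):
        print(f"pool held below threshold from t={start}s to t={end}s (min {lowest} bits)")
    print("live estimate on this host:", read_entropy_avail())
```

The estimate only falls like this on kernels where /dev/random blocks when the pool is empty, such as the 2.6.0 discussed above.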
