Hello,

On Mon, Jan 05, 2004 at 05:44:59PM +1100, Russell Coker wrote:
> If an application deserves access to /dev/urandom should they also deserve
> access to /dev/random?

I have no strong opinion about this, but your explanation below seems to suggest a "no" to me. But then the question may not be so relevant. The problem description, again from the kernel sources, is:

    If this estimate [for the remaining entropy] goes to zero, the
    routine can still generate random numbers; however, an attacker may
    (at least in theory) be able to infer the future output of the
    generator from prior outputs. This requires successful cryptanalysis
    of SHA, which is not believed to be feasible, but there is a remote
    possibility.
    ...

So if restricting access to /dev/random causes problems, it may not be worth the trouble.

> It seems to me that an application which wanted to drain the entropy pool
> could just schedule reads from /dev/random and know it's done the job when it
> starts to block. In 2.6.0 it seems that this does not cause any noticeable
> use of CPU time or any other symptom that would lead an administrator to
> suspect such an attack. Reading from /dev/urandom leads to high CPU use, and
> even so it will be difficult for an attacker to know that they have
> succeeded.

Jochen

--
http://seehuhn.de/
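The exchange above notes that a drained pool shows up only as /dev/random starting to block. An added monitoring check (not from the thread or the kernel sources) that exposes that state from the defender's side: it reads the kernel's entropy estimate from /proc/sys/kernel/random/entropy_avail and probes /dev/random with a non-blocking read, treating EAGAIN as "readers are blocking right now". The 128-bit low watermark is an assumed threshold; note that on Linux 5.6 and later /dev/random no longer blocks once the pool is initialised, so the probe only reports "drained" on the older kernels the thread discusses.

```python
import os

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"  # kernel entropy estimate, in bits


def read_entropy_estimate(path=ENTROPY_AVAIL):
    """Return the kernel's current entropy estimate, or None if unavailable (e.g. non-Linux)."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def random_would_block(device="/dev/random", nbytes=1):
    """Probe the device with a non-blocking read.

    True  -> the read returned EAGAIN, so a normal (blocking) reader would stall here.
    False -> bytes were returned, the pool is not drained.
    None  -> the device could not be opened.
    """
    try:
        fd = os.open(device, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        os.read(fd, nbytes)
        return False
    except BlockingIOError:  # errno EAGAIN: estimate is zero, readers block
        return True
    finally:
        os.close(fd)


def assess(entropy_bits, would_block, low_watermark=128):
    """Classify the pool state; pure function so it can be checked with constructed values.
    low_watermark is an assumed alerting threshold, not a kernel constant."""
    if would_block:
        return "drained"
    if entropy_bits is not None and entropy_bits < low_watermark:
        return "low"
    return "ok"


def check():
    """Collect both signals and return a dict suitable for a monitoring agent to log."""
    bits = read_entropy_estimate()
    blocked = random_would_block()
    return {"entropy_avail": bits, "random_blocks": blocked, "state": assess(bits, blocked)}


if __name__ == "__main__":
    print(check())
```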