Re: a small C program to test xdm's /dev/mem reading on your architecture
On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > I can't believe he actually intends to keep it like this..
>
> I'm going to #define DEV_RANDOM /dev/random for Linux systems.
That's bad, because that will drain the entropy a lot, and it might
block for a long time, and that for no good reason as I don't think the
magic cookie needs strong cryptographical security (for comparison: The
secret key of a public key cryptography key pair should be created using
/dev/random, while for session keys /dev/urandom is good enough).
Also, reading /dev/mem doesn't sound very secure at all (even if it works)
because the patterns in the memory of a computer are probably predictable
and a lot of information can be observed from the outside (which processes
are running etc).
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de/
Reply to: