[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: a small C program to test xdm's /dev/mem reading on your architecture



On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > I can't believe he actually intends to keep it like this..
> 
> I'm going to #define DEV_RANDOM /dev/random for Linux systems.

That's bad, because that will drain the entropy a lot, and it might
block for a long time, and that for no good reason as I don't think the
magic cookie needs strong cryptographical security (for comparison: The
secret key of a public key cryptography key pair should be created using
/dev/random, while for session keys /dev/urandom is good enough).

Also, reading /dev/mem doesn't sound very secure at all (even if it works)
because the patterns in the memory of a computer are probably predictable
and a lot of information can be observed from the outside (which processes
are running etc).

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    marcus@gnu.org
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de/



Reply to: