Re: /dev/random: really secure?

• Next message: Paul Gortmaker: "[PATCH] ident of whole-disk ext2 fs"
• Previous message: Kurt Garloff: "Re: TIOCGDEV ioctl"
• In reply to: Theodore Y. Ts'o: "Re: /dev/random: really secure?"
• Next in thread: Peter Samuelson: "Re: /dev/random: really secure?"
• Reply: Peter Samuelson: "Re: /dev/random: really secure?"
• Reply: Theodore Y. Ts'o: "Re: /dev/random: really secure?"
• Reply: Pavel Machek: "Re: /dev/random: really secure?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Dec 18, 2000 at 04:33:13PM -0500, Theodore Y. Ts'o wrote:
> Note that writing to /dev/random does *not* update the entropy estimate,
> for this very reason. The assumption is that inputs to the entropy
> estimator have to be trusted, and since /dev/random is typically
> world-writeable, it is not so trusted.

It should not be world-writeable, IMHO. So the only one who can feed entropy
there is root, who should know aht (s)he's doing ...
Here (SuSE Linux 7.x), it is 644:
crw-r--r-- 1 root root 1, 8 Dec 17 22:41 /dev/random
crw-r--r-- 1 root root 1, 9 Dec 17 22:41 /dev/urandom

Regards,

-- 
Kurt Garloff  <garloff@suse.de>                          Eindhoven, NL
GPG key: See mail header, key servers         Linux kernel development
SuSE GmbH, Nuernberg, FRG                               SCSI, Security

• application/pgp-signature attachment: stored

• Next message: Paul Gortmaker: "[PATCH] ident of whole-disk ext2 fs"
• Previous message: Kurt Garloff: "Re: TIOCGDEV ioctl"
• In reply to: Theodore Y. Ts'o: "Re: /dev/random: really secure?"
• Next in thread: Peter Samuelson: "Re: /dev/random: really secure?"
• Reply: Peter Samuelson: "Re: /dev/random: really secure?"
• Reply: Theodore Y. Ts'o: "Re: /dev/random: really secure?"
• Reply: Pavel Machek: "Re: /dev/random: really secure?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Dec 23 2000 - 21:00:24 EST