Re: /dev/random in 2.4.6

From: David Wagner (daw@mozart.cs.berkeley.edu)
Date: Sun Aug 19 2001 - 12:31:19 EST


Theodore Tso wrote:
>On Wed, Aug 15, 2001 at 11:13:41AM -0600, Andreas Dilger wrote:
>> Note that network interrupts do NOT normally contribute to the entropy
>> pool. This is because of the _very_theoretical_ possibility that an
>> attacker can "control" the network traffic to such a precise extent as
>> to flush or otherwise contaminate the entropy from the pool [...]
>
>That's not the only attack, actually. The much simpler attack path is
>for an attack to **observe** the network traffic to such a precise
>extent as to be able to guess what the entropy numbers are that are
>going into the pool. (Think: FBI's Carnivore).

Right. Ted's observation says that network traffic should not
contribute to the entropy *count*. However, it is probably still
useful to add network traffic timings to the pool (without bumping
up the count). Adding extra traffic to the pool should not hurt,
unless the cryptographic hash function is insecure (in which case
you've probably got worse problems than chosen-timing attacks).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
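
The distinction drawn in the message above, between mixing a sample into the pool and crediting it to the entropy count, shown as an added example that is not part of the original post and is not kernel code. The EntropyPool class, the SHA-256 mixing step, the credit values and the sample timings are all assumptions made for illustration.

```python
import hashlib

class EntropyPool:
    """Toy hash-based pool with a separate entropy estimate (illustrative model)."""
    def __init__(self):
        self.state = bytes(32)
        self.entropy_bits = 0

    def mix(self, sample, credit_bits=0):
        # Mixing always folds the sample into the state; crediting is a separate decision.
        self.state = hashlib.sha256(self.state + sample).digest()
        self.entropy_bits = min(256, self.entropy_bits + credit_bits)

    def extract(self, nbytes):
        # Blocking behaviour: refuse output that exceeds the credited estimate.
        if nbytes * 8 > self.entropy_bits:
            raise BlockingIOError("not enough credited entropy")
        self.entropy_bits -= nbytes * 8
        out = hashlib.sha256(b"out" + self.state).digest()[:nbytes]
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out

# Constructed sample data: a local input the observer never sees, and
# network interrupt timings that a passive observer records exactly.
LOCAL_SECRET = b"keyboard/disk timings the observer never sees"
NET_TIMINGS = [t.to_bytes(8, "little") for t in (1001234, 1001890, 1003377)]

def observer_guess(nbytes):
    """Output a passive observer can compute from the network timings alone."""
    guess = EntropyPool()
    for t in NET_TIMINGS:
        guess.mix(t, credit_bits=64)  # the observer may credit whatever it likes
    return guess.extract(nbytes)

def run_policy(credit_network, seed_local):
    """Build a pool under one policy; network samples are mixed in either way."""
    pool = EntropyPool()
    if seed_local:
        pool.mix(LOCAL_SECRET, credit_bits=64)
    for t in NET_TIMINGS:
        pool.mix(t, credit_bits=8 if credit_network else 0)
    return pool

if __name__ == "__main__":
    mixed_only = run_policy(credit_network=False, seed_local=True)
    print("count after uncredited mixing:", mixed_only.entropy_bits)
    print("observer predicts output:", mixed_only.extract(8) == observer_guess(8))
    credited = run_policy(credit_network=True, seed_local=False)
    print("observer predicts credited-network output:",
          credited.extract(3) == observer_guess(3))
```
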
