On Tue, 2001-08-21 at 17:50, Robert Love wrote:
><snip>
>
> In theory, we dont need both SHA-1 hash and the entropy count. They
> exist to pacify a theoretical weakness in each.
>
> Now, my net device patch should only be enabled in situations where both
> you trust SHA-1 (and I think most do) and you trust that reading net
> devices yields the full amount of entropy.
'lil typo on my part. actually, if you trust SHA-1, it does not matter
if your net devices give zero entropy, because the SHA-1 hash of the
read from /dev/random is still unpredictable.
the problem is if you both _dont_ trust SHA-1 and _fear_ there is
less-than-estimated entropy from net devices on your network.
per Alex Bligh's suggestion, the Configure wording of the next patch
will explain this.
-- Robert M. Love rml at ufl.edu rml at tech9.net- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:46 EST