Re: [PATCH] (0/4) Entropy accounting fixes

From: Andreas Dilger (
Date: Sun Aug 18 2002 - 00:28:08 EST

On Aug 17, 2002 21:59 -0500, Oliver Xymoron wrote:
> On Sat, Aug 17, 2002 at 07:30:02PM -0700, Linus Torvalds wrote:
> > Quite frankly, I'd rather have a usable /dev/random than one that runs out
> > so quickly that it's unreasonable to use it for things like generating
> > 4096-bit host keys for sshd etc.
> > In particular, if a machine needs to generate a strong random number, and
> > /dev/random cannot give that more than once per day because it refuses to
> > use things like bits from the TSC on network packets, then /dev/random is
> > no longer practically useful.
> My box has been up for about the time it's taken to write this email
> and it's already got a full entropy pool. A 4096-bit public key has
> significantly less than that many bits of entropy in it (primes thin
> out in approximate proportion to log2(n)).

It is fairly trivial to change the init scripts to save/restore more than
4096 bits of entropy, and for /dev/random to accumulate more than this.
For people who have _any_ source of "real" entropy, but it is occasionally
in high demand, they could set up a larger pool to accumulate entropy
in between peak demand. It is basically just a few lines of change in
/etc/init.d/[u]random - all the kernel hooks are there.

Even so, I would agree with Linus in the thought that being "too
paranoid" makes it basically useless. If you have people sniffing
your network right next to the WAN side of your IPSec firewall with
GHz network analyzers and crafting packets to corrupt your entropy
pool, then chances are they could just as easily sniff the LAN side
of your network and get the unencrypted data directly. The same
holds true for keystroke logging (or spy camera) to capture your pass
phrase instead of trying an incredibly difficult strategy to "influence"
the generation of this huge key in advance.

In the end, if you make it so hard to extract your secrets in a stealthy
manner, they will just start with a few big guys and a rubber hose...

Cheers, Andreas

Andreas Dilger
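The init-script change described in the message above (saving and restoring a seed sized to the pool instead of a fixed 4096 bits), as an added example that is not part of the original post or of any distribution's script. The function names, the 512-byte floor and the `bits`/`bytes` unit argument are assumptions; `/proc/sys/kernel/random/poolsize` is the kernel's own sysctl.

```shell
#!/bin/sh
# Added example: size the saved seed from the kernel's pool size.
# Paths are parameters so the functions can be exercised on ordinary files.
POOLSIZE_FILE=${POOLSIZE_FILE:-/proc/sys/kernel/random/poolsize}
MIN_SEED_BYTES=512   # 4096 bits, the figure discussed in the message (assumed floor)

# seed_bytes [poolsize_file] [bits|bytes]
# Print how many bytes to save. The unit of poolsize differs between kernel
# generations, so the caller states it (assumption: the caller knows which).
seed_bytes() {
    file=${1:-$POOLSIZE_FILE}
    unit=${2:-bits}
    size=
    if [ -r "$file" ]; then read -r size < "$file" || true; fi
    case $size in
        ''|*[!0-9]*) echo "$MIN_SEED_BYTES"; return 0 ;;   # unreadable or garbage
    esac
    if [ "$unit" = bits ]; then size=$(( (size + 7) / 8 )); fi
    if [ "$size" -lt "$MIN_SEED_BYTES" ]; then size=$MIN_SEED_BYTES; fi
    echo "$size"
}

# save_seed seed_file [source] [nbytes]
# Write the seed to a private temp file and rename it, so a crash mid-write
# never leaves a short or world-readable seed behind.
save_seed() {
    seed=$1; src=${2:-/dev/urandom}; n=${3:-$(seed_bytes)}
    old_umask=$(umask); umask 077
    tmp="$seed.$$"
    # bs=1 guarantees exactly n bytes even if the device returns short reads
    if dd if="$src" of="$tmp" bs=1 count="$n" 2>/dev/null && mv -f "$tmp" "$seed"
    then rc=0
    else rc=1; rm -f "$tmp"
    fi
    umask "$old_umask"
    return $rc
}

# restore_seed seed_file [pool_device]
# Writing to the device mixes the bytes into the pool; it does not credit
# entropy, so a stale or copied seed cannot inflate the entropy count.
restore_seed() {
    seed=$1; dev=${2:-/dev/urandom}
    [ -s "$seed" ] || return 1          # missing or empty seed: nothing to mix in
    cat "$seed" > "$dev" || return 1
}
```

At boot a script would call `restore_seed` and then `save_seed` straight away, so the same seed is never replayed after an unclean shutdown.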


This archive was generated by hypermail 2b29 : Fri Aug 23 2002 - 22:00:14 EST