Re: [PATCH] (0/4) Entropy accounting fixes

From: Oliver Xymoron (
Date: Sun Aug 18 2002 - 00:53:48 EST

On Sat, Aug 17, 2002 at 11:28:08PM -0600, Andreas Dilger wrote:
> Even so, I would agree with Linus in the thought that being "too
> paranoid" makes it basically useless. If you have people sniffing
> your network right next to the WAN side of your IPSec firewall with
> GHz network analyzers and crafting packets to corrupt your entropy
> pool, then chances are they could just as easily sniff the LAN side
> of your network and get the unencrypted data directly. The same
> holds true for keystroke logging (or spy camera) to capture your pass
> phrase instead of trying an incredibly difficult strategy to "influence"
> the generation of this huge key in advance.

Actually, my attack model here assumes a hostile LAN. GHz WAN is
fairly uncommon.

This design comes from an entropy pool I made from scratch for another
system and fixed what I thought the deficits are in the Linux
model. Current Linux a) overestimates entropy b) can't incorporate
untrusted data c) doesn't sample from the network at all.

I think if I'd broken this up this way:

piece 1a: mix in untrusted data without accounting it
piece 1b: start sampling the network as untrusted data
piece 2a: clean up bogosity in entropy accounting one would have objected.

> In the end, if you make it so hard to extract your secrets in a stealthy
> manner, they will just start with a few big guys and a rubber hose...

Oddly enough, I came home today from running errands to discover that
someone had tried brute-forcing my front door with a crowbar.

 "Love the dolphins," she advised him. "Write by W.A.S.T.E.." 
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Fri Aug 23 2002 - 22:00:14 EST