Re: Problem with random.c and PPC

From: Chris Friesen (
Date: Thu Aug 22 2002 - 10:40:42 EST

David Wagner wrote:

> "If you have an embedded system that is headless, etc., then your
> only remaining source of entropy is /dev/zero."
> Well, sometimes there is just no reliable entropy source on hand.
> Maybe it's better to admit that than to fool ourselves.

And if you could time to the nanosecond exactly when each zero was read in, and the latencies in
this reading are varying with the rest of the workload on the machine, then yes, you can get entropy
reading from /dev/zero.

I submit that if you have an attacker with the resources to model and predict your interrupt
handling down to the timing of the pci bus (i.e. 30 nanoseconds) from across the other end of your LAN
then you will probably have the resources to use a hardware RNG. If you don't have those resources,
chances are good that your competitors don't have the ability to do the requisite network

It's a calculated risk, but I would argue that some security (even if theoretically compromisable)
is better than none.


Chris Friesen                    | MailStop: 043/33/F10  
Nortel Networks                  | work: (613) 765-0557
3500 Carling Avenue              | fax:  (613) 765-2986
Nepean, ON K2H 8E9 Canada        | email:

This archive was generated by hypermail 2b29 : Fri Aug 23 2002 - 22:00:25 EST