Re: no entropy and no output at /dev/random (quick question)

[Denis Vlasenko]

On Tuesday 30 November 2004 18:48, Javier Villavicencio wrote:
> > Reading /dev/urandom depletes exactly the same pool, it just doesn't block
> > when the pool is empty. As said pool has other uses, indiscriminate reading
> > of either can DoS other parts of the system.
> 
> But why if /dev/random depletes and you don't have any source of entropy 
> ? As you may have seen in my setup I had no mouse/keyboard attached to 
> that server, and the only "things" capable of generate entropy where the 
> two nics and the DAC960.
> So I've enabled entropy only for the local nic and the DAC960 (at least 
> "I think", for the dac :+) and now I'm plenty of entropy, but for a 
> setup like this, the server may have been running without entropy at all 
> for weeks (I've forgot to check the uptime :+P).
> About this, think about php generating session_id()s without entropy 
> (o_O), and stuff like that....

BTW why your php developer can't use /dev/urandom?
--
vda

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/