Re: gpg can't get random/entropy

To: current-users%NetBSD.org@localhost
Subject: Re: gpg can't get random/entropy
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Tue, 15 May 2012 11:20:24 -0400

On Tue, May 15, 2012 at 06:10:33PM +0300, Jukka Ruohonen wrote:
> On Tue, May 15, 2012 at 10:49:56AM -0400, Thor Lancelot Simon wrote:
> > Yes -- you don't want to get into the situation in which the only, or
> > almost the only, source of entropy is visible to the attacker.  It makes
> > iterative guessing attacks easier.
> 
> I noticed that acpitz(4) now collects entropy too. Are there any general
> guidelines about which sensor-like drivers are suitable for this task and/or
> should more of these be refactored to support rnd(9)?

It should be done in the envsys code, but the envsys code is, quite frankly,
insane, and I haven't got the stomach for it.

I did it to a few drivers that were fairly easy.  Any temperature, voltage,
or fan sensor is a good choice, and the timing of changes in gross power
state (plugged/unplugged, etc.) can also be useful though those do not
happen very often.

Thor

Follow-Ups:
- Re: gpg can't get random/entropy
  - From: Jukka Ruohonen

References:
- gpg can't get random/entropy
  - From: Paul Goyette
- Re: gpg can't get random/entropy
  - From: Thor Lancelot Simon
- Re: gpg can't get random/entropy
  - From: Julio Merino
- Re: gpg can't get random/entropy
  - From: matthew sporleder
- Re: gpg can't get random/entropy
  - From: Julio Merino
- Re: gpg can't get random/entropy
  - From: Thor Lancelot Simon
- Re: gpg can't get random/entropy
  - From: Jukka Ruohonen

Prev by Date: Re: gpg can't get random/entropy
Next by Date: Re: gpg can't get random/entropy
Previous by Thread: Re: gpg can't get random/entropy
Next by Thread: Re: gpg can't get random/entropy
Indexes:

Home | Main Index | Thread Index | Old Index