Subject: Re: CVS commit: syssrc/sys/dev/ic
To: None <perry@wasabisystems.com>
From: John Darrow <John.P.Darrow@wheaton.edu>
List: source-changes
Date: 11/08/2001 00:30:59
Perry E. Metzger <perry@wasabisystems.com> wrote:

>Ben Harris <bjh21@netbsd.org> writes:

>> Log Message:
>> Add support for feeding entropy to rnd(4).

>Isn't this an ethernet controller? It is VERY VERY dangerous to get
>entropy from network devices.

Has a "poisoning the entropy pool via the network" attack ever been
demonstrated in a non-degenerate case (i.e. a system running more
processes than simply the one being attacked, on a network with more
traffic than just the attacker)?

(And, yes, it does seem, as mentioned in another reply, that there
might be machines where the _only_ available source of entropy is the
network, e.g. diskless headless machines.)

We're only providing rope here, and it isn't turned on by default,
either.

jdarrow

-- 
John Darrow - Senior Technical Specialist               Office: 630/752-5201
Computing Services, Wheaton College, Wheaton, IL 60187  Fax:    630/752-5968
Pager via email: 6303160707@alphapage.airtouch.com      Pager:  630/316-0707
Email: John.P.Darrow@wheaton.edu (plain text please, no HTML or proprietary)
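The disagreement above, as an added toy model that is not NetBSD code and not how rnd(4) is implemented: samples are folded one-way into a hash state, so attacker-known network timings cannot undo entropy the pool already holds, but crediting them inflates the pool's entropy count, and in the degenerate case where every sample is attacker-known the output is fully reproducible. `ToyPool`, `net_samples` and all sample values are constructed for this example.

```python
import hashlib
from typing import Iterable, List, Tuple


class ToyPool:
    """Hash-mixing entropy pool with a separate entropy-credit counter.
    Constructed for illustration; it is not rnd(4)'s real implementation."""

    def __init__(self) -> None:
        self.state = hashlib.sha256(b"constructed-initial-state").digest()
        self.credited_bits = 0  # how much entropy the pool *believes* it holds

    def add(self, sample: bytes, credit_bits: int) -> None:
        # Mixing is one-way: a known sample never removes what is already in
        # the pool.  The credit counter is the only thing a bad source can lie about.
        self.state = hashlib.sha256(self.state + sample).digest()
        self.credited_bits += credit_bits

    def output(self) -> bytes:
        return hashlib.sha256(b"output" + self.state).digest()


def net_samples(n: int) -> List[bytes]:
    # Constructed: packet arrival timings that a sender on the same segment
    # could drive to a predictable pattern.
    return [(0x1000 + 17 * i).to_bytes(4, "big") for i in range(n)]


def run_pool(samples: Iterable[bytes], credit_per_sample: int) -> ToyPool:
    pool = ToyPool()
    for s in samples:
        pool.add(s, credit_per_sample)
    return pool


def attacker_can_reproduce(samples: List[bytes], credit: int) -> bool:
    """Degenerate case: every sample is attacker-known, so the attacker can
    rebuild the pool and predict its output whatever the credit counter says."""
    victim = run_pool(samples, credit)
    guess = run_pool(samples, credit)  # attacker replays the same samples
    return victim.output() == guess.output()


def mixed_pool(net: List[bytes], disk_sample: bytes, credit_net: int) -> Tuple[int, bool]:
    """Non-degenerate case: one sample (a disk timing) is unknown to the attacker.
    Returns (bits credited, whether an attacker knowing only `net` predicts the output)."""
    victim = run_pool(net, credit_net)
    victim.add(disk_sample, 8)
    guess = run_pool(net, credit_net)  # attacker lacks the disk sample
    return victim.credited_bits, victim.output() == guess.output()
```

Crediting the network source 0 bits while still mixing it in keeps the counter honest without throwing the samples away, which is the usual compromise for an untrusted source.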