Source-Changes archive


Re: CVS commit: syssrc/sys/dev/ic



John Darrow <John.P.Darrow%wheaton.edu@localhost> writes:
> Has a "poisoning the entropy pool via the network" attack ever been
> demonstrated in a non-degenerate case (i.e. a system running more
> processes than simply the one being attacked, on a network with more
> traffic than just the attacker)?

Absence of evidence is not evidence of absence. There are many things
that people aren't comfortable with that have never actually had a
worked example performed.

> (And, yes, it does seem, as mentioned in another reply, that there
> might be machines where the _only_ available source of entropy is the
> network, e.g. diskless headless machines.)
> 
> We're only providing rope here, and it isn't turned on by default,
> either.

We might want to be a lot more careful about how the rope is labeled
at the very least.

--
Perry E. Metzger                perry%wasabisystems.com@localhost
--
NetBSD Development, Support & CDs. http://www.wasabisystems.com/


