Subject: Re: insufficient entropy for rnd
To: None <>
From: Perry E. Metzger <>
List: tech-crypto
Date: 08/13/2003 14:34:17 writes:
> >It is the reason device-type net is disabled by default, and it's
> >not a serious risk. Anyone who can predict the arrival time of a
> >network packet interrupt (and subsequent processing) within the
> >precision of a CPU cycle counter has enough control over your
> >machine that randomness is irrelevant.
> 	my understanding was that it is not a problem with "who can predict the
> 	arrival time of a network packet interrupt", but "arrival time of
> 	network packet interrupt may not be random enough"

Yup. You got it. Many people think that keystroke timing is really a
lot more random than it is, too, even though the output is clocked...