tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Patch: new random pseudodevice

On Fri, Dec 09, 2011 at 10:35:32AM -0500, Mouse wrote:
> > In what sense are bits really ever "taken out"?
> "Revealed to userland", of course.
> The idea here is that entropy that has been revealed to userland might
> as well not be present.  With good mixing at appropriate points, this
> is of questionable truth, but it is, as you said, a very conservative
> approach; it amounts to assuming userland has unlimited computational
> power available to invert the mixing.  Combined with the conservative
> approach to estimating how much entropy was put into the pool, it is a
> reasonably good way of making sure that when you ask for strongly
> random bits, you get strongly random bits uncorrelated with anyone
> else's bits.

Look at the implementation.  It *never* worked that way.

To cause bits to actually be "taken out", you'd have to maintain two
pools, discard the entire contents of one every time any bits were
revealed to userspace, and switch to the other.  Or something along
those lines.  And that's just not how it ever worked.


Home | Main Index | Thread Index | Old Index