Current-Users archive


Re: regarding the changes to kernel entropy gathering



joerg%bec.de@localhost (Joerg Sonnenberger) writes:

>Part of the problem here is that most of the non-RNG data sources are
>easily observable either from the local system (e.g. any malicious user)
>or other VMs on the same machine (in case of a hypervisor) or local
>machines on the same network (in case of network interrupts). That's the
>real reason why their entropy is hard to estimate. It becomes even more
>annoying with modern hardware features like interrupt moderation of
>NICs. They can make the timing of interrupts highly predictable.

Must be a thing of the past, as we always ignored that information
from NIC devices by default. No need to rip out the code that would
allow it.


