<<< Date Index >>>     <<< Thread Index >>>

Re: /dev/random is probably not



"Zow" Terry Brugger wrote:

> It's been a while since I looked at the /dev/random design on Linux
> (probably the early 2.4 days), however one thing that was quite
> clear was that they did not use any network I/O as entropy sources
> because an attacker, particularly one that already had control of
> other machines on the same LAN segment, could have a high degree of
> control over that source.

They don't need to have any control; simply being able to observe
network traffic means that it is no longer random (in the sense of
"unpredictable", which is what counts from a security perspective).

-- 
Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>