On Sunday 13 February 2005 11:32, Oded Arbel wrote: > > > Trying not to sound like a noob, but ... how do I set it ? I hope > > > not by recompiling my kernel which is something I loathe to do on a > > > production machine, you understand - I haven't even upgraded to > > > 2.6.
This is in the kernel code itself, so it's a *change* of the code and than recompile... > > Afraid so. It might be already set, or there might be a module option > > to turn it on - which kernel are you using and which NIC driver? > > eepro100 on 2.4.25 At least on 2.6 (that's what sitting on my disk) both drivers available for eepro (Becker's eepro100.c and Intel's e100.c) do not use these interrupts as entropy source. As Oleg explained in a previous post -- this is a wise thing (Network interrupts may be scheduled by a potential attacker). Weirdly enough, some network drivers do use SA_SAMPLE_RANDOM (e.g: e1000.c from Intel and 3c523.c). > > > I looked at sysctl -a, but nothing looked related. Also I hear that > > > unlike SCSI, IDE drives do supposed to contribute to entropy, but > > > while I do have an IDE drive there doesn't seem to be any entropy > > > generated from it - is it possible to turn this on as well ? > > > > Same answer I'm afraid. Which IDE module? > > ahmm.. the standard one ? Just checked (on my 2.6.10) -- the IDE irq grabbing is common code (on drivers/ide/ide-probe.c) and *does not* contribute to random number entropy. Also, from the SCSI variety, almost none is used (drivers/scsi/nsp32.c does, but I don't know this chip/device). Can anybody explain why not? My only guess is that block devices are too much regularized by the block layer (elevator etc.) and so don't have enough randomness. Any better explanation? Actually, since this is a policy issue, maybe this should be tunable (per driver? per IRQ?). Looks like a future patch is pending here :-) -- Oron Peled Voice/Fax: +972-4-8228492 [EMAIL PROTECTED] http://www.actcom.co.il/~oron ICQ UIN: 16527398 "It's almost like we're doing Windows users a favor by charging them money for something they could get for free, because they get confused otherwise." - Larry Wall. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
