Simple solution:

generate the entropy in another device -- either a physical device attached to the server or just by pre-determining a random seed (500 bits), and put it into the entropy pool/PRNG device.

Not-so-simple solution, but adequate:

insert the network module back into place, and add your own scripts that access various websites to change the network behavior (e.g. queries to news websites, random.org, etc.).


--
Orr Dunkelman,
[EMAIL PROTECTED]

"If it wasn't for C, we'd be writing programs in BASI, PASAL, and OBOL", anon

Spammers: http://vipe.technion.ac.il/~orrd/spam.html
GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3  2023 6CAB 4A7C B73F D0AA
(This key will never sign Emails, only other PGP keys.)

On Sun, 25 Jun 2006, Marc A. Volovic wrote:

Quoth Muli Ben-Yehuda:

The theory behind disabling entropy gathering from network sources is
that those can be affected (controlled?) by an attacker. There was a
long thread about this recently on lkml, see thread starting at
http://marc.theaimsgroup.com/?l=linux-kernel&m=114684809230875&w=2 for
both sides of the argument.

I pretty much agree with the theory, but Ami's query is correct - whence
to get entropy in this case?

In theory, by the by, disk access can ALSO be controlled to a degree (less
than network, but still)... So - whence entropy? Shall we now start adding
external devices via RS232 (some kind of multi-cascade motion detector
;-)...


Marc

--
---MAV
Marc A. Volovic                                         [EMAIL PROTECTED]
Swiftouch, LTD                                             +972-544-676764

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]


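The "simple solution" in the reply above, as an added example that is not part of the original thread: a seed generated elsewhere is mixed into the Linux kernel pool and credited with the `RNDADDENTROPY` ioctl (a plain write to `/dev/random` mixes the bytes in but credits no entropy). The function names `build_seed_request` and `inject_seed` are hypothetical, the constant seed in `main` is a constructed placeholder for bytes read from the external device, and the ioctl needs root (CAP_SYS_ADMIN).

```c
#include <fcntl.h>
#include <linux/random.h>   /* struct rand_pool_info, RNDADDENTROPY */
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Build the ioctl argument for a seed produced on another device.
 * credit_bits is what the operator vouches for; it is clamped so the
 * kernel is never told the seed holds more than 8 bits per byte. */
struct rand_pool_info *build_seed_request(const unsigned char *seed,
                                          size_t len, int credit_bits)
{
    if (seed == NULL || len == 0 || len > 4096 || credit_bits < 0)
        return NULL;
    if ((size_t)credit_bits > len * 8)
        credit_bits = (int)(len * 8);
    struct rand_pool_info *req = malloc(sizeof(*req) + len);
    if (req == NULL)
        return NULL;
    req->entropy_count = credit_bits;   /* bits credited to the pool */
    req->buf_size = (int)len;           /* bytes that follow in buf */
    memcpy(req->buf, seed, len);
    return req;                         /* caller frees */
}

/* Mix the seed into the pool and credit it; 0 on success, -1 on failure. */
int inject_seed(const struct rand_pool_info *req)
{
    int fd = open("/dev/random", O_WRONLY);
    if (fd < 0)
        return -1;
    int rc = ioctl(fd, RNDADDENTROPY, req);
    close(fd);
    return rc < 0 ? -1 : 0;
}

int main(void)
{
    /* Constructed placeholder: 64 bytes standing in for the external
     * device's output; a real seed must never be a constant. */
    unsigned char seed[64];
    memset(seed, 0xA5, sizeof(seed));
    struct rand_pool_info *req = build_seed_request(seed, sizeof(seed), 500);
    int rc = req ? inject_seed(req) : -1;
    free(req);
    return rc == 0 ? 0 : 1;
}
```

Crediting more bits than the seed really contains makes `/dev/random` overestimate its entropy, which is why the credit is a separate, operator-chosen argument here.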