On Fri, 2010-07-30 at 12:55 -0300, Henrique de Moraes Holschuh wrote: > I have asked the kernel developers. I was told that Linux doesn�t care, > you cannot weaken the random pool doing uncredited writes (like we do) > because the transformation used by the pool itself is fully reversible, > and no information is ever lost, so you cannot dillute it. Ah... that sounds nice... can you point me to the mailing list thread where this was discussed?
I've always wondered how this works, that one cannot dilute the pool by feeding any data into it... just imagine one uses very specially crafted data. So are we/you really absolutely 10000% sure that this works? I mean it would be a catastrophe I we'd accidentally make corrupt the random pool, even it it's just /dev/urandom (or did this also affect /dev/random?). Many crypto-programs use this... the OpenSSL disaster could be nothing compared to problems at that level ;) > Also, size doesn�t matter much, but it is best to match the pool size. > When in doubt, it looks like we can simply always use 4096 bytes. Is the pool never larger? Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Pkg-sysvinit-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-sysvinit-devel
