OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: /dev/random is probably not

From: Glynn Clements (glynngclements.plus.com)
Date: Tue Jul 05 2005 - 09:59:28 CDT


"Zow" Terry Brugger wrote:

> It's been a while since I looked at the /dev/random design on Linux
> (probably the early 2.4 days), however one thing that was quite
> clear was that they did not use any network I/O as entropy sources
> because an attacker, particularly one that already had control of
> other machines on the same LAN segment, could have a high degree of
> control over that source.

They don't need to have any control; simply being able to observe
network traffic means that it is no longer random (in the sense of
"unpredictable", which is what counts from a security perspective).

--
Glynn Clements <glynngclements.plus.com>