tech-crypto archive


timing network interrupts (Re: insufficient entropy for rnd)



On Wed, Aug 13, 2003 at 02:33:21PM -0400, Perry E. Metzger wrote:
> 
> Daniel Carosone <dan%geek.com.au@localhost> writes:
> > It is the reason device-type net is disabled by default, and it's
> > not a serious risk. Anyone who can predict the arrival time of a
> > network packet interrupt (and subsequent processing) within the
> > precision of a CPU cycle counter has enough control over your
> > machine that randomness is irrelevant.
> 
> I disagree, and besides, many machines don't have cycle counters. 

Yes, and those machines without cycle counters need to be more
careful about usage of rnd all around. They probably shouldn't
enable net devices, nor should they probably be used for critical
randomness.

> If you want to have a long discussion on it, we can, but it's a
> side issue in the current conversation.

I am curious about why you disagree; it is a side issue, so I've
changed the subject line - but just a short discussion will do :)

Note that someone who can trigger interrupts at known intervals
(amongst other packets) seems like a lesser concern than someone
who can eliminate all mystery for all packets by having full
knowledge.  By previous arguments (which I am happy to have refuted
if you can), it's only the unknown bits that matter.

If someone can predict "enough" timing information that the estimator
under-estimates, then net devices should be set to collect but not
estimate, if the user enables that source.

--
Dan.
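
An added illustration of the "collect but not estimate" setting discussed in the message above (not part of the original message and not NetBSD's rnd code): a simplified delta-based estimator, assumed here for illustration, claims one bit per sample for arrival times that a sender chose in advance, while the hypothetical SRC_NO_ESTIMATE flag mixes the same samples in and credits nothing. The timestamps, the flag name and the toy mixing step are all constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SRC_NO_ESTIMATE 0x1u /* hypothetical flag: collect, credit nothing */

struct source {
    uint32_t flags, last_time, last_delta, last_delta2;
    uint32_t pool;     /* toy mixing state standing in for the real pool */
    uint32_t credited; /* entropy bits claimed so far */
};

/* Simplified delta estimator (assumption): claim 1 bit unless the first-,
 * second- or third-order difference of the timestamps is zero. */
static uint32_t estimate(struct source *s, uint32_t ts)
{
    uint32_t d1 = ts - s->last_time;
    uint32_t d2 = d1 - s->last_delta;
    uint32_t d3 = d2 - s->last_delta2;
    s->last_time = ts; s->last_delta = d1; s->last_delta2 = d2;
    return (d1 == 0 || d2 == 0 || d3 == 0) ? 0 : 1;
}

/* Feed n timestamps through one source; return the bits it claimed. */
uint32_t run(uint32_t flags, const uint32_t *ts, size_t n, uint32_t *pool_out)
{
    struct source s = { .flags = flags };
    for (size_t i = 0; i < n; i++) {
        /* Always collect: the sample is mixed in whatever the flag says. */
        s.pool = ((s.pool << 5) | (s.pool >> 27)) ^ ts[i];
        uint32_t bits = estimate(&s, ts[i]);
        if (!(s.flags & SRC_NO_ESTIMATE))
            s.credited += bits;
    }
    if (pool_out) *pool_out = s.pool;
    return s.credited;
}

/* Constructed samples. "paced": gaps picked by a sender who knows them all. */
static const uint32_t paced[]    = {1000, 2003, 3004, 4010, 5012, 6021, 7025, 8038};
static const uint32_t periodic[] = {1000, 2000, 3000, 4000, 5000, 6000, 7000, 8000};

int main(void)
{
    printf("periodic, estimating:     %u bits\n", (unsigned)run(0, periodic, 8, NULL));
    printf("paced, estimating:        %u bits\n", (unsigned)run(0, paced, 8, NULL));
    printf("paced, collect-only:      %u bits\n", (unsigned)run(SRC_NO_ESTIMATE, paced, 8, NULL));
    return 0;
}
```

The pool state is identical in the estimating and collect-only runs; only the claimed bit count differs.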


