From: Matt Mackall <mpm@selenic.com>
To: Chris Peterson <cpeterso@cpeterso.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] [resend] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM
Date: Wed, 13 May 2009 01:08:50 -0500
Message-ID: <20090513060850.GZ31071@waste.org>
In-Reply-To: <alpine.DEB.2.00.0905130118140.15823@ubuntu-desktop>

On Wed, May 13, 2009 at 01:34:47AM -0400, Chris Peterson wrote:
> 
> I know a new "pragmatic entropy accounting model" is in the works, but 
> until then, this patch removes the network drivers' last few uses of 
> theoretically-exploitable network entropy. Only 11 net drivers are 
> affected. Headless servers should use a more secure source of entropy, 
> such as the userspace daemons.

Actually, I'd rather not do this.

I've instead become convinced that what /dev/random's entropy
accounting model is trying to achieve is not actually possible.
It requires:

a) a strict underestimate of entropy
b) from completely unobservable, uncontrollable sources
c) with no correlation to observable sources

If and only if we meet all three of those requirements for all entropy
sources can we actually reach the theoretical point where /dev/random
is actually distinct from /dev/urandom. 

Practically, we're nowhere close on any of those points. We have no
good model for estimating (a) for most sources, and almost all sources
are directly or indirectly observable or controllable to some degree.

Once we acknowledge that, it's easy to see that the right way forward
is not to aim for perfect, but instead to aim for really good. And
that means:

1) significantly more sampling sources with lower overhead
2) more defense in depth
3) working well on headless machines and with hardware RNG sources
4) simpler, more auditable code
5) never starving users

So while your current patch is 'correct' in the current theoretical
model (and one I've personally tried to push in the past), I think the
theoretical model itself needs to change and this is thus a step in
the wrong direction. The future model will continue to sample network
devices on the theory that they -might- be less than 100% observable and
that can only increase our total (unmeasurable) amount of entropy.

-- 
Mathematics is the supreme nostalgia of our time.
