[PATCH] Updated: Let net devices contribute entropy

[PATCH] Updated: Let net devices contribute entropy

[Robert Love]

Available at:
http://tech9.net/rml/linux/patch-rml-2.4.9-netdev-random-1
http://tech9.net/rml/linux/patch-rml-2.4.9-netdev-random-2
for 2.4.9 (this is an update to the previous release), and:
http://tech9.net/rml/linux/patch-rml-2.4.8-ac10-netdev-random-1
http://tech9.net/rml/linux/patch-rml-2.4.8-ac10-netdev-random-2
for 2.4.8-ac10. Patch 1 contains the updated core code and patch 2
contains the updated drivers.  

What's New:
o 	_ALL_ network devices have been converted.  That is 159 drivers 	in
ac10.  Please help with patches if there are any missing 	drivers or
errors in the included drivers.
o	Updated the Configure.help entry to detail the situation where 	the
config option would endanger the entropy pool, per lklm 	discussion.
Thanks Alex	Bligh for the wording.
o	Resynced with the drivers in 2.4.9 and ac10 and the new archs in 	the
ac series.

For those who are new, this patch creates a new configure option which
enables network devices to contribute to /dev/random.  Previously, only
a few network devices feed the entropy pool.  With this patch, none do
until the config is set at which time they all can.

It works by defining a new request_irq flag, SA_SAMPLE_NET_RANDOM, which
when CONFIG_NET_RANDOM is set defines to SA_SAMPLE_RANDOM.

Previous discussions on this thread have hit on a lot of the issues
surronding this patch.  Currently, the opinion is: if an external
attacker can observe your network traffic precisely enough, they can
learn something of the state of your entropy pool, which would make the
entropy count an overestimate.  Now, however, the attacker will still
not be able to predict the output of /dev/random if the one-way hash
(SHA-1) remains unbreakable.  It has also been pointed out that it is
also important to seed /dev/random on bootup from the previous session
-- all distributions I know of do this.

Who is this for?  Users on systems with very low entropy, such as
headless or diskless systems _need_ a solution like this.  Some users
may be low on entropy, and do not like the 30s wait when SSH reads from
/dev/random -- this patch is for them, too.  Finally, there are users
like myself who don't fear attackers on their LAN and want more entropy
to feed their self esteem. :>

To install: apply the correct patches and enable the config option in
'Network Devices'.  Enjoy.

-- 
Robert M. Love
rml at ufl.edu
rml at tech9.net

Re: [PATCH] Updated: Let net devices contribute entropy

[Robert Love]

ac11 patches are at:

http://tech9.net/rml/linux/patch-rml-2.4.8-ac11-netdev-random-1
and,
http://tech9.net/rml/linux/patch-rml-2.4.8-ac11-netdev-random-2

-- 
Robert M. Love
rml at ufl.edu
rml at tech9.net

Re: [PATCH] Updated: Let net devices contribute entropy

[Robert Love]

Updated patch for 2.4.8-ac12 is available at:
http://tech9.net/rml/linux/patch-rml-2.4.8-ac12-netdev-random-1
and
http://tech9.net/rml/linux/patch-rml-2.4.8-ac12-netdev-random-2
as always, #1 adds the core support and #2 updates all network devices
to use the new flag.

2.4.9 patches are still available from the same place.

nothing new, sans the resync, since the previous patch.  i believe all
architectures and network devices are still supported.

the interested are highly encouraged to read the previous thread for a
summary of the patch and the resulting discussions.
 
-- 
Robert M. Love
rml at ufl.edu
rml at tech9.net

[PATCH] 2.4.9/2.4.10 Let net devices contribute entropy

[Robert Love]

Updated patches to optionally enable network devices to feed the kernel
entropy pool are available for both 2.4.10-pre2 and 2.4.9-ac5.  The
patches come in two parts, part one containing the new code and related
bits and part two containing updates to (hopefully) all network devices
to enable the new support (and remove mandatory contribution for those
devices that do so now).

Apply both patches and enable the new option in `Network Devices'.

Patches accepted for missing architectures and drivers. Comments
desired.  For a length discussion of the patch and the entropy gatherer
in general, see the previous threads.

For 2.4.9-ac5:
http://tech9.net/rml/linux/patch-rml-2.4.9-ac5-netdev-random-1
http://tech9.net/rml/linux/patch-rml-2.4.9-ac5-netdev-random-2

For 2.4.10-pre2:
http://tech9.net/rml/linux/patch-rml-2.4.10-pre2-netdev-random-1
http://tech9.net/rml/linux/patch-rml-2.4.10-pre2-netdev-random-2

Enjoy.

-- 
Robert M. Love
rml at ufl.edu
rml at tech9.net