Re: /dev/random on Linux

Pavel Machek wrote:

I was unsure about the purported forward-security-breakage claims because I don't know how to validate those, but I seem to recall (from personal knowledge and the paper) that the kernel does an SHA1 hash of the contents of the pool and the current cycle-counter when reading, uses that as input for the next pool state and returns it as /dev/random output. Since the exact cycle-counter value is never exposed outside the kernel and only a small window of the previous


Are you sure? For vsyscalls to work, rdtsc has to be available from
userspace, no?

I suspect he means "the exact cycle counter value at the time of reading the contents of the pool" is never exposed outside the kernel.

"rdtsc" is of course available in userspace on x86.

Chris
