> For what it's worth, in Android, we do more than suggested by "man 4 > random". Most Linux systems just save and restore entropy across boots, and > don't feed in device specific information into the pool. In Android, we add > device specific data to the entropy pool, to (help) prevent device class > attacks. Two Android systems with different device device IDs should never > have their entropy pool in the same state.
Two android systems with the SAME device ID should never have their entropy pool in the same state either. Couldn't this specific data be known/found anyway. Every system should have unique data to use. http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/rnd.c?rev=1.140;content-type=text%2Fplain -- ________________________________________________________ Why not do something good every day and install BOINC. ________________________________________________________ -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
