On Sat, 2007-12-08 at 18:47 -0500, Theodore Tso wrote:
> On Sat, Dec 08, 2007 at 09:42:39PM +0100, Willy Tarreau wrote:
> > I remember having installed openssh on an AIX machine years ago, and
> > being amazed by the number of sources it collected entropy from. Simple
> > commands such as "ifconfig -a", "netstat -i" and "du -a", "ps -ef", "w"
> > provided a lot of entropy.
>
> Well.... not as many bits of entropy as you might think. But every
> little bit helps, especially if some of it is not available to
> adversary.

I was always especially fond of the "du" entropy source with Solaris installations of OpenSSH (the PRNG used commands like "du" too). It was always amusing that a single network outage at the University would prevent anyone from ssh'ing into the "UNIX" machines.

So yeah, if we want to take a giant leap backwards, I suggest jumping at this. Lots of these are not actually random - you can guess the free space on a network drive in some certain cases, you know what processes are likely to be created on a LiveCD, and many dmesg outputs are very similar, especially when there aren't precise timestamps included.

But I do think it's time some of this got addressed :-)

Cheers,

Jon.