On Sun, Sep 22, 2013 at 03:45:11PM -0700, H. Peter Anvin wrote: > I understand the motivation, but I question basing it in a fixed amount of > time.
We already have a threshold based on the amount of the entropy in the input pool. I could increase that threshold, but then instead of having the entropy hover between say, 192 and 128, it would hover between say, 576 and 512. What that means in practice is that there will be a higher baseline, but we will still end up reseeding every 10 seconds or so (that being approximately how much entropy I've seen flowing into the input pool on my laptop system --- 64 bits every 10 seconds or so). By basing it on a time-based threshold, it means that the input pool can build up faster such that over time, such that entropy pool ends up hovering around 3400 bits. What is your concern is about having it being time-based --- or more accurately, being partially time-based, since we also keep the entorpy count based threshold? I'll note that the Fortuna Random Number Generator, devised by Bruce Schneier and Niels Ferguson also uses as part of its design a time-based reseed limit. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/