Re: a small C program to test xdm's /dev/mem reading on your architecture

2002-08-26 Thread Marcus Brinkmann
On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > I can't believe he actually intends to keep it like this..
>
> I'm going to #define DEV_RANDOM /dev/random for Linux systems.

That's bad, because that will drain the entropy a lot, and it might
block for a long time, and that for no good reason as I don't think the
magic cookie needs strong cryptographical security (for comparison: The
secret key of a public key cryptography key pair should be created using
/dev/random, while for session keys /dev/urandom is good enough).

Also, reading /dev/mem doesn't sound very secure at all (even if it works)
because the patterns in the memory of a computer are probably predictable
and a lot of information can be observed from the outside (which processes
are running etc).

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU  http://www.gnu.org [EMAIL PROTECTED]
Marcus Brinkmann  The Hurd http://www.gnu.org/software/hurd/
[EMAIL PROTECTED]
http://www.marcus-brinkmann.de/



Re: a small C program to test xdm's /dev/mem reading on your architecture

2002-08-26 Thread Marcus Brinkmann
On Mon, Aug 26, 2002 at 08:16:06PM +0100, Matthew Wilcox wrote:
> On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
> > Also, reading /dev/mem doesn't sound very secure at all (even if it works)
> > because the patterns in the memory of a computer are probably predictable
> > and a lot of information can be observed from the outside (which processes
> > are running etc).
>
> why do you assume that xdm uses the raw result from /dev/mem?

I don't.  That would be obviously too foolish.  It would also not make sense
by Branden's original mail which clearly stated that xdm can read several
megabytes from /dev/mem.  I assume they do this because they know that
/dev/mem doesn't contain much entropy, and as such they try to get enough
randomness squeezed out of it by reading more and more of it.  This is a
dubious approach.

> running, say, md5 over the results would give you something as close to random
> as i doubt you could find a difference.

You are mistaken.  Do yourself a favour and get a book about (pseudo)
random number generators, entropy, hash functions and cryptography.
If you don't start with random numbers, you can turn the numbers upside
down, it won't get any more random than what you started with.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU  http://www.gnu.org [EMAIL PROTECTED]
Marcus Brinkmann  The Hurd http://www.gnu.org/software/hurd/
[EMAIL PROTECTED]
http://www.marcus-brinkmann.de/
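
The point argued in the message above, as an added example that is not part of the original thread or of xdm: a cookie produced by hashing a predictable input can take no more values than the input can. The 1024-byte image, its 16 bits of varying state and the FNV-1a hash (standing in for the md5 mentioned in the quoted text) are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IMG_SIZE 1024   /* constructed, scaled-down stand-in for a memory read */

/* FNV-1a 64-bit, used as a stand-in for md5: any deterministic hash
 * maps equal inputs to equal outputs, which is all this example needs. */
static uint64_t hash64(const unsigned char *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Assumed model of a predictable image: a fixed pattern in which only
 * two bytes (16 bits of state) differ from one run to the next. */
uint64_t cookie_from_state(uint16_t state)
{
    unsigned char img[IMG_SIZE];
    for (size_t i = 0; i < IMG_SIZE; i++)
        img[i] = (unsigned char)(i * 31u);
    img[100] = (unsigned char)(state & 0xff);
    img[101] = (unsigned char)(state >> 8);
    return hash64(img, IMG_SIZE);
}

/* Walk every possible state and report how many candidates were tried
 * before the cookie was reproduced; -1 if none matched. The bound is
 * 2^16, set by the input, not 2^64, the width of the hash output. */
long candidates_until_match(uint64_t cookie)
{
    for (long s = 0; s <= 0xffff; s++)
        if (cookie_from_state((uint16_t)s) == cookie)
            return s + 1;
    return -1;
}

int main(void)
{
    uint64_t c = cookie_from_state(0x1234);
    printf("cookie %016llx reproduced after %ld of 65536 candidates\n",
           (unsigned long long)c, candidates_until_match(c));
    return 0;
}
```

Reading more of the same image changes nothing here: the fixed bytes contribute no entropy however many of them are hashed.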



Re: a small C program to test xdm's /dev/mem reading on your architecture

2002-08-26 Thread Marcus Brinkmann
On Mon, Aug 26, 2002 at 02:43:09PM -0500, Branden Robinson wrote:
> xdm doesn't read the same amount of data when it's reading from a
> (presumably) entropic device node.

I didn't assume that.

> It reads eight size_t's.  Surely that is not excessive.

It's eight size_t's good entropy wasted for no important use still.  In some
environments, good entropy is really hard to get at.

Thanks,
Marcus


-- 
`Rhubarb is no Egyptian god.' GNU  http://www.gnu.org [EMAIL PROTECTED]
Marcus Brinkmann  The Hurd http://www.gnu.org/software/hurd/
[EMAIL PROTECTED]
http://www.marcus-brinkmann.de/



Re: a small C program to test xdm's /dev/mem reading on your architecture

2002-08-26 Thread Marcus Brinkmann
On Mon, Aug 26, 2002 at 02:44:26PM -0500, Branden Robinson wrote:
> On Mon, Aug 26, 2002 at 03:28:18PM -0400, Jeff Sheinberg wrote:
> > Why does anyone need to read megabytes of urandom?
>
> Nobody does.  Or, at least, xdm doesn't.  Markus is opining without the
> benefit of having checked the facts.

Uh, I never, ever said that xdm would read megabytes from any /dev/ but
/dev/mem.  Some people have too many phantasies.

Thanks, Brandon,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU  http://www.gnu.org [EMAIL PROTECTED]
Marcus Brinkmann  The Hurd http://www.gnu.org/software/hurd/
[EMAIL PROTECTED]
http://www.marcus-brinkmann.de/



Re: Where is the autobuilder?

2001-03-06 Thread Marcus Brinkmann
On Tue, Mar 06, 2001 at 11:55:01PM +0900, Chu-yeon Park wrote:
> For s390 binaries, I decided to compile the binaries on 'autobuilder' plan,
> on my S/390 machine.
>
> And then, Who do I have to contact? I remember having ever listened that
> someone use it on sparc-ports.

Beside wanna-build, which is used by all ports but hurd-i386, there is also
turtle, see http://sourceforge.com/projects/turtle.

Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org [EMAIL PROTECTED]
Marcus Brinkmann  GNU http://www.gnu.org [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.marcus-brinkmann.de



Re: Where is the autobuilder?

2001-03-06 Thread Marcus Brinkmann
On Tue, Mar 06, 2001 at 08:22:00PM +0100, Michel Dänzer wrote:
> > Beside wanna-build, which is used by all ports but hurd-i386, there is also
> > turtle, see http://sourceforge.com/projects/turtle.
>
> Minor correction: http://sourceforge.net/projects/turtle

Thanks.
 
> So hurd-i386 uses turtle? Or something else yet?

Well, yes. But we don't build the whole archive in long dumb runs yet.

I can't offer a comparison between turtle and wanna-build, but turtle
should be easy to install and use, but it isn't feature complete yet.
Notably it's not a daemon, and it doesn't support source dependencies.
(Although I think it should be easy to hack sbuild or how it is called into
it). It's also using a perl gpg module that doesn't exist anymore, I am
going to hack this very soon.

Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org [EMAIL PROTECTED]
Marcus Brinkmann  GNU http://www.gnu.org [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.marcus-brinkmann.de