Another thing to note is that it doesn't hurt to add lots of attacker-known data to the pool, so long as there's at least k bits of attacker-unknown data also in the pool. So using the MAC address by default is fine if there are some systems where attackers don't trivially know the value.
Posted Jul 26, 2012 8:01 UTC (Thu) by nix (subscriber, #2304)
Quite. This is one reason why the BSDs et al. don't bother with an entropy estimate: as long as there's *some* entropy, you're fine, and if it's wrong, you're very much not fine.
(I like the entropy estimator for a much more selfish reason: collecting randomness from some sources can be quite expensive, and we can use the entropy estimator as a high-water-mark to indicate that there's no point whatsoever providing more randomness because nobody's read much since we last shoved a bunch in. We could do much the same thing with a simple counter of "bytes read from /dev/*random by other users since last entropy fed in by a /dev/random writer", but that leaks information about those other users and might be considered ugly. The BSDs don't have a counter like this, and it makes the ekeyd ridiculously costly on those platforms because it has to pull entropy from the key and remix it for /dev/random all the time, even if the system is otherwise totally idle.)
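The point made in the two comments above (attacker-known input does no harm as long as k unknown bits are also in the pool) can be checked on a toy pool. This is an added example, not code from either commenter or from the kernel: the SHA-256 mixing function, the 12-bit secret, the MAC address and the filler records are all constructed assumptions.

```python
import hashlib

K_BITS = 12                        # attacker-unknown bits (toy value, assumption)
MAC = b"02:00:00:00:00:01"         # constructed, attacker-known input
KNOWN_NOISE = [b"known-record-%d" % i for i in range(200)]  # constructed


def mix(pool: bytes, data: bytes) -> bytes:
    """Fold one input into the pool: new state = H(old state || len || data).

    Stand-in for a real pool's mixing step, NOT the kernel's algorithm.
    """
    return hashlib.sha256(pool + len(data).to_bytes(4, "big") + data).digest()


def pool_output(secret: int, known_inputs: list) -> bytes:
    """Output of a pool fed the secret plus a list of attacker-known inputs.

    Half of the known inputs are mixed before the secret and half after,
    so the result does not depend on a lucky ordering.
    """
    half = len(known_inputs) // 2
    pool = bytes(32)
    for item in known_inputs[:half]:
        pool = mix(pool, item)
    pool = mix(pool, secret.to_bytes(2, "big"))
    for item in known_inputs[half:]:
        pool = mix(pool, item)
    return hashlib.sha256(b"output" + pool).digest()


def search_space(known_inputs: list) -> int:
    """Distinct outputs an attacker must still consider.

    The attacker knows every input except the K_BITS secret, so the only
    option is to enumerate the secret. If known data weakened the pool,
    this count would drop below 2**K_BITS.
    """
    return len({pool_output(s, known_inputs) for s in range(2 ** K_BITS)})


if __name__ == "__main__":
    for label, known in [("secret only", []),
                         ("secret + MAC", [MAC]),
                         ("secret + MAC + 200 known records", [MAC] + KNOWN_NOISE)]:
        print(f"{label:35s} {search_space(known)} candidate outputs")
```

The candidate count stays at 2**K_BITS in every case: the known inputs change which outputs are possible, not how many the attacker has to try.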