Theoretical vs. practical cryptography in the kernel
Theoretical vs. practical cryptography in the kernel
Posted Aug 20, 2020 4:43 UTC (Thu) by NYKevin (subscriber, #129325)In reply to: Theoretical vs. practical cryptography in the kernel by kleptog
Parent article: Theoretical vs. practical cryptography in the kernel
> > If you add a bunch of stuff that turns out to not be random, then you could make the state predictable if you didn’t get enough data with real randomness in.
> Umm, I don't think that's how it works at all. Adding a gigabyte of zeros to the pool doesn't reduce the entropy in it at all. It doesn't add anything either, but it doesn't hurt.
The original quote is in fact true, but does not mean what you think it means. If you didn't get enough data with real randomness, then you could have a predictable state. This happens regardless of whether or not you also added a bunch of stuff that wasn't random.
The problem, therefore, is whether they should do something with the entropy accounting, not whether they should allow reusing the fast pool bits in this fashion at all.