On Wed, 21 Apr 2004 12:49, Colin Walters <walters(a)redhat.com> wrote:
I presume by the way there's a reason access to random_device_t
is was
originally denied - it prevents users from draining your good entropy by
generating a ton of keys. On the other hand, if you have GPG installed
Actually when I gave different types to /dev/random and /dev/urandom we just
sorted out which access each program seemed to need. At the time GPG didn't
seem to want /dev/random access. If it wants it then it should get it.
Maybe the right way is a resource constraint framework. Anyways, do
people think this is worth being made into a tunable or something?
I think that a resource constraint framework for entropy would be useful.
However there are other ways of attacking the problem.
It seems that every desktop, laptop, and PDA shipped in the last few years has
sound hardware. The microphone that's built in to many machines can be used
as a source of entropy, and even an unconnected line-in if sampled at 16bit
will do reasonably well. There is already policy
for /usr/sbin/audio-entropyd to use this, if we get this packaged then maybe
it would be the best solution to the problem?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page