[13707] in bugtraq


Re: Tempfile vulnerabilities

daemon@ATHENA.MIT.EDU (Len Budney)
Sat Feb 5 01:40:23 2000

Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <20000203141856H.lbudney-lists-bugtraq@nb.net>
Date:         Thu, 3 Feb 2000 14:18:56 -0500
Reply-To: Len Budney <lbudney-lists-bugtraq@NB.NET>
From: Len Budney <lbudney-lists-bugtraq@NB.NET>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200002022136.OAA09251@cvs.openbsd.org>

Theo de Raadt <deraadt@CVS.OPENBSD.ORG> wrote:
>
> Crypto software which uses [/dev/random] devices should be doing
> some kind of checking to make sure that they are getting at least
> good entropy.

/dev/random will not emit bytes below some entropy threshold. Somebody
draining /dev/random amounts to a DOS attack; it will begin emitting at a
snail's pace, and users of /dev/random will contend for the scarce bytes.

If lower entropy is acceptable, /dev/urandom will invoke a PRNG to
keep emitting, even when the entropy pool is depleted. The output of
/dev/urandom passes the diehard tests reasonably well, and should be
acceptable for most non-cryptographic applications.

Of course, as Werner Koch already indicated, casual applications of
"random numbers" should not waste the entropy pool.

Len.


--
Bandwidth is bad for the same reason that most programs are so slow:
programmers _guess_ where the bottlenecks are rather than _profiling_.
				-- Dan Bernstein
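
The behaviour Len describes above, as an added example that is not part of his post or of any list member's code: a consumer that reads /dev/random without ever blocking indefinitely (so a depleted pool becomes a visible, handled condition rather than a hang), reports the kernel's entropy estimate, and falls back to /dev/urandom when /dev/random would block. It assumes the Linux /dev and /proc layout; the helper names and the 16-byte key size are my own. Note that on Linux 5.6 and later /dev/random no longer blocks once the pool is initialised, so the fallback branch is mostly exercised on older kernels or early in boot.

```c
/* Added example (not from the original post): non-blocking use of
 * /dev/random with a /dev/urandom fallback. Assumes Linux /dev and /proc. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Kernel's current entropy estimate in bits, or -1 if it cannot be read
 * (non-Linux system, restricted /proc). */
int entropy_avail(void) {
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    int bits = -1;
    if (f == NULL) return -1;
    if (fscanf(f, "%d", &bits) != 1) bits = -1;
    fclose(f);
    return bits;
}

/* Read exactly n bytes from path without blocking.
 * Returns n on success, 0 if the device would block (pool depleted,
 * the condition the post describes for /dev/random), -1 on any other
 * error. Short reads are retried; EAGAIN part-way is reported as
 * "would block" so the caller never hangs waiting for the pool. */
ssize_t read_random_nonblock(const char *path, unsigned char *buf, size_t n) {
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    size_t got = 0;
    if (fd < 0) return -1;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r > 0) { got += (size_t)r; continue; }
        if (r < 0 && errno == EINTR) continue;
        close(fd);
        if (r < 0 && errno == EAGAIN) return 0;   /* would block */
        return -1;                                /* EOF or hard error */
    }
    close(fd);
    return (ssize_t)got;
}

/* Prefer /dev/random; if it would block (or cannot be used at all),
 * record that and take the bytes from /dev/urandom, whose PRNG keeps
 * emitting when the pool is depleted. *used_fallback tells the caller
 * which source supplied the bytes. Returns n or -1. */
ssize_t read_random_with_fallback(unsigned char *buf, size_t n, int *used_fallback) {
    ssize_t r = read_random_nonblock("/dev/random", buf, n);
    *used_fallback = 0;
    if (r == (ssize_t)n) return r;
    fprintf(stderr, "/dev/random unavailable or would block "
                    "(entropy_avail=%d bits); using /dev/urandom\n",
            entropy_avail());
    *used_fallback = 1;
    return read_random_nonblock("/dev/urandom", buf, n);
}

int main(void) {
    unsigned char key[16];   /* constructed: a small demo buffer */
    int fallback = 0;
    ssize_t got = read_random_with_fallback(key, sizeof key, &fallback);
    if (got != (ssize_t)sizeof key) { perror("random read"); return 1; }
    printf("entropy_avail=%d source=%s bytes=", entropy_avail(),
           fallback ? "/dev/urandom" : "/dev/random");
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    printf("\n");
    return 0;
}
```

The point of the non-blocking open is that a depleted pool turns into a return value the program can act on (log it, fall back, or refuse to proceed for a cryptographic use) instead of an unbounded stall, which is what makes pool draining a denial of service against naive readers.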
