Re: [hackers-il] Re: RE: Re: To Hash or not to Hash [was Re: \\\"On Lisp\ \\" now a=
- On Mon, Feb 11, 2002 at 12:59:03PM +0200, mulix wrote:
> just a quick note that there's a kernel patch to allow all or most ofA controvertial patch, since relying on the randomness of
> the network devices to contribute to /dev/random's entropy pool, rather
> than just a few. no idea if it's applied in the mainline kernel, though.
externally connected devices such as network cards would open
a security hole. Any software on the machine that relies on
randomness will risk having its random number source not only
/read/ but actually /affected/ by an attacker that can, e.g.,
send packets to the network card with careful timing.
This reminds me an old Gaal Yahas (where /is/ he lately?) sig:
"Real programmers type `cat /dev/random >a.out' and affect the
universe randomisity field."
which could actually be made reality.
A better idea was for servers to open up their on-board
unconnected microphone ports and use the static. Which relates
to yet another "Real Programmers" sig.