On Fri, Sep 09, 2011 at 03:08:03PM -0400, Eric Paris wrote:
> On Thu, Sep 8, 2011 at 12:13 PM, David Miller <da...@davemloft.net> wrote:
> > From: Steve Grubb <sgr...@redhat.com>
> 
> >> This patch does not _break_ all existing applications. If a system were 
> >> under attack,
> >> they might pause momentarily, but they do not break. Please, try the patch 
> >> and use a
> >> nice large number like 2000000 and see for yourself. Right now, everyone 
> >> arguing about
> >> this breaking things have not tried it to see if in fact things do break 
> >> and how they
> >> break if they do.
> >
> > If the application holds a critical resource other threads want when it
> > blocks on /dev/urandom, then your change breaks things.  I can come up
> > with more examples if you like.
> >
> > Please get off this idea that you can just change the blocking behavior
> > for a file descriptor and nothing of consequence will happen.
> 
> I know it's work porting userspace, but would anyone think that a new
> char device to do this would be a good enough idea?  You obviously
> already worked out methods to port things which normally use urandom
> to use random to discover the problem, so most of the work should be
> done.  I suggest /dev/jkrandom (since this is half way between
> /dev/random and /dev/urandom and 'u' is the 21st letter it seemed
> appropriate to use letters 10 and 11)
> 
I was going to suggest /dev/sourandom (for sort-of-urandom) :)
Neil

> Thus userspace can decide what matters.  Always with entropy and
> blocks often (random).  From good enough entropy and rarely blocks
> (jkrandom).  Possibly from some entropy and never block (urandom).
> 
> -Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to