Re: Tempfile vulnerabilities
From: lbudney-lists-bugtraq () NB NET (Len Budney)
Date: Thu, 3 Feb 2000 14:18:56 -0500
Theo de Raadt <deraadt () CVS OPENBSD ORG> wrote:
> Crypto software which uses [/dev/random] devices should be doing
> some kind of checking to make sure that they are getting at least
/dev/random will not emit bytes below some entropy threshold. Somebody
draining /dev/random amounts to a DoS attack; it will begin emitting at a
snail's pace, and users of /dev/random will contend for the scarce bytes.
If lower entropy is acceptable, /dev/urandom will invoke a PRNG to
keep emitting, even when the entropy pool is depleted. The output of
/dev/urandom passes the diehard tests reasonably well, and should be
acceptable for most non-cryptographic applications.
Of course, as Werner Koch already indicated, casual applications of
"random numbers" should not waste the entropy pool.
Bandwidth is bad for the same reason that most programs are so slow:
programmers _guess_ where the bottlenecks are rather than _profiling_.
-- Dan Bernstein
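As an added illustration of the blocking-versus-PRNG distinction the post draws (this is example code written for this archive page, not code from the post or from any of the people quoted in it), the C program below reads from the two devices in the way a defender would want: exact-length reads that survive short reads and EINTR, /dev/random opened non-blocking so a drained pool reports EAGAIN instead of stalling the caller, an explicit fallback to /dev/urandom only when the caller has declared lower entropy acceptable, and a coarse degenerate-output check. It assumes a Unix-like system that provides /dev/random and /dev/urandom; the function and enum names are hypothetical. Note that on Linux since kernel 5.6 /dev/random no longer blocks once the pool is initialised, so the RND_WOULD_BLOCK path is mainly exercised on older kernels and some BSDs, and at early boot.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Status codes returned by the hypothetical helpers below. */
enum rnd_status { RND_OK = 0, RND_WOULD_BLOCK = 1, RND_ERROR = -1 };

/* Read exactly `len` bytes from the device at `path` into `buf`, handling
 * short reads and EINTR. When `nonblock` is set the device is opened with
 * O_NONBLOCK, so a depleted blocking pool (the contention the post describes)
 * surfaces as RND_WOULD_BLOCK instead of stalling the caller indefinitely. */
static int fill_random(const char *path, unsigned char *buf, size_t len, int nonblock)
{
    int fd = open(path, O_RDONLY | (nonblock ? O_NONBLOCK : 0));
    if (fd < 0)
        return RND_ERROR;

    int status = RND_OK;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) {
            got += (size_t)n;          /* short read: keep going */
        } else if (n < 0 && errno == EINTR) {
            continue;                  /* interrupted by a signal: retry */
        } else if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
            status = RND_WOULD_BLOCK;  /* pool below its entropy threshold */
            break;
        } else {
            status = RND_ERROR;        /* EOF or another read error */
            break;
        }
    }
    close(fd);
    return status;
}

/* Coarse sanity check, not an entropy estimate: a buffer whose bytes are all
 * identical is rejected. Genuine random output will essentially never look
 * like this, but a broken or stubbed device can. */
static int looks_degenerate(const unsigned char *buf, size_t len)
{
    if (len == 0)
        return 0;
    for (size_t i = 1; i < len; i++)
        if (buf[i] != buf[0])
            return 0;
    return 1;
}

/* Policy from the post: prefer /dev/random, but never let a drained pool stall
 * the caller. If the pool would block and lower entropy is acceptable for this
 * use, fall back to /dev/urandom; otherwise report RND_WOULD_BLOCK so the
 * caller can retry later or fail closed. */
static int get_random_bytes(unsigned char *buf, size_t len, int lower_entropy_ok)
{
    int st = fill_random("/dev/random", buf, len, 1);
    if (st == RND_WOULD_BLOCK && lower_entropy_ok)
        st = fill_random("/dev/urandom", buf, len, 0);
    if (st == RND_OK && looks_degenerate(buf, len))
        st = RND_ERROR;
    return st;
}

int main(void)
{
    unsigned char key[32];
    int st = get_random_bytes(key, sizeof key, 1);
    if (st != RND_OK) {
        fprintf(stderr, "could not obtain random bytes (status %d)\n", st);
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Passing `lower_entropy_ok = 0` is the setting for long-lived key material: the caller then sees RND_WOULD_BLOCK rather than silently receiving PRNG output, and can decide whether to wait, retry, or refuse. The non-blocking open is what turns the "snail's pace" contention into a detectable condition instead of a hang.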