Bugtraq mailing list archives
Re: Tempfile vulnerabilities
From: schoen () LOYALTY ORG (Seth David Schoen)
Date: Mon, 7 Feb 2000 16:01:21 -0800
Ian Turner writes:
Can be so easy to DoS cryptographic software?Yes. If you don't trust your users to not deplete the entropy, then don't give them permission to read it.
An intermediate possibility is to have multiple RNGs with multiple sources of entropy, or multiple RNGs with entropy divided among them somehow, or a single RNG which enforces a reasonable policy of some sort when multiple processes want to access it at once. Modern multiuser operating systems have solved all _kinds_ of problems around concurrency and dealing with contention over a shared resource. There is no reason that they should not be able to do exactly the same thing for an entropy pool, if it becomes an issue. -- Seth David Schoen <schoen () loyalty org> | And do not say, I will study when I Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5
Current thread:
- Re: Statistical Attack Against Virtual Banks, (continued)
- Re: Statistical Attack Against Virtual Banks HC Security (Feb 09)
- Re: Statistical Attack Against Virtual Banks Swift Griggs (Feb 09)
- Re: Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- SCO OpenServer SNMPD vulnerability NAI Labs (Feb 07)
- Re: Tempfile vulnerabilities Werner Koch (Feb 02)
- Re: Tempfile vulnerabilities Chris Cappuccio (Feb 03)
- Cross Site Scripting security issue Robert Zilbauer (Feb 02)
- Re: Tempfile vulnerabilities Len Budney (Feb 03)
- Re: Tempfile vulnerabilities antirez (Feb 05)
- Re: Tempfile vulnerabilities Ian Turner (Feb 07)
- Re: Tempfile vulnerabilities Seth David Schoen (Feb 07)
- Remote access vulnerability in all MySQL server versions Robert van der Meulen (Feb 08)
- don't run random "exploit" code Marc Slemko (Feb 08)
- cookies - nothing new Steven Champeon (Feb 07)
- Re: cookies - nothing new MJE (Feb 08)
- Re: Tempfile vulnerabilities Peter Berendi (Feb 08)
- Re: Tempfile vulnerabilities Marc Lehmann (Feb 08)
