On Thu, 25 Mar 2010 20:17:12 +0000
Ed W <lists@××××××××××.com> wrote:

> > out of curiosity, what's that mean exactly?
> >
> I believe that the random numbers are encrypted out of the device? I
> say that because when you start up the userspace daemon you tell it a
> long random number supplied with the device. I assume this is
> designed to make sure that some local process can't sniff the entropy
> (over the USB bus, or whatever) before it's added to the kernel pool?

Pretty much. It is worth noting that the entropy is decrypted before
being added to the pool; it's not just a whitening scheme.

(Rootly processes can, of course, pretty much know whatever they want
to. The encryption and handshaking is there to prevent physical
access to the outside of the case being as much of an issue.)

B.
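The transport the two messages above describe (a per-device secret handed to the userspace daemon, entropy frames encrypted on the device and decrypted on the host before they reach the kernel pool) as an added, constructed example. It is not the Entropy Key's real wire protocol and not code from this list: the cipher (HMAC-SHA256 in counter mode plus an HMAC tag), the frame layout, the key derivation labels, the `HostDaemon` class and the SHA-256 pool stand-in are all assumptions made for illustration. The `add_to_kernel_pool` helper shows the Linux `RNDADDENTROPY` ioctl a real daemon would use for the final step; it needs root and is not called by the demo.

```python
"""Sketch of an encrypted entropy-device link (constructed example, not the
real device protocol). The device and the host daemon share a long per-device
secret; each entropy frame is encrypted and authenticated under keys derived
from it, so a sniffer on the bus sees ciphertext only, and the daemon decrypts
before handing bytes to the kernel pool."""
import hashlib
import hmac
import struct

HDR_LEN = 8    # big-endian frame counter
TAG_LEN = 16   # truncated HMAC-SHA256 tag (assumed framing)


def derive_keys(device_secret):
    """Split the shared per-device secret into an encryption key and a MAC key."""
    enc_key = hmac.new(device_secret, b"entropy-link/enc", hashlib.sha256).digest()
    mac_key = hmac.new(device_secret, b"entropy-link/mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, frame_no, length):
    """HMAC-SHA256 in counter mode; the frame number keys each stream uniquely."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">QQ", frame_no, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def device_emit(enc_key, mac_key, frame_no, raw_entropy):
    """Device side: encrypt one block of raw entropy and append an auth tag."""
    header = struct.pack(">Q", frame_no)
    ct = bytes(p ^ k for p, k in zip(raw_entropy, _keystream(enc_key, frame_no, len(raw_entropy))))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag


class HostDaemon:
    """Host side: verifies and decrypts frames, then feeds a pool model."""

    def __init__(self, device_secret):
        self.enc_key, self.mac_key = derive_keys(device_secret)
        self.next_frame = 0
        self.pool = hashlib.sha256()  # stand-in for the kernel input pool
        self.bytes_added = 0

    def receive(self, frame):
        """Return the decrypted entropy, or None if the frame is rejected."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None
        header, ct, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expect = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expect):
            return None  # forged or corrupted on the bus
        (frame_no,) = struct.unpack(">Q", header)
        if frame_no != self.next_frame:
            return None  # replayed or out-of-order frame
        self.next_frame += 1
        plain = bytes(c ^ k for c, k in zip(ct, _keystream(self.enc_key, frame_no, len(ct))))
        self.pool.update(plain)  # decrypted bytes, not ciphertext, go into the pool
        self.bytes_added += len(plain)
        return plain


def add_to_kernel_pool(data, entropy_bits):
    """The real final step on Linux: RNDADDENTROPY on /dev/random (requires root).
    struct rand_pool_info { int entropy_count; int buf_size; __u32 buf[]; }"""
    import fcntl
    RNDADDENTROPY = 0x40085203  # _IOW('R', 0x03, int[2]) on x86_64
    buf = struct.pack("ii", entropy_bits, len(data)) + data
    with open("/dev/random", "wb") as fd:
        fcntl.ioctl(fd, RNDADDENTROPY, buf)


def demo():
    """Run a short session plus two bus-level attacks; returns what happened."""
    secret = bytes(range(32))  # constructed stand-in for the per-device secret
    enc_key, mac_key = derive_keys(secret)
    host = HostDaemon(secret)
    samples = [bytes([i] * 32) for i in range(3)]  # constructed "raw entropy"
    frames = [device_emit(enc_key, mac_key, n, s) for n, s in enumerate(samples)]
    delivered = [host.receive(f) for f in frames]
    # A USB sniffer sees only these frames; flipping a byte or replaying one fails.
    bad = bytearray(frames[0])
    bad[HDR_LEN] ^= 0x01
    return {
        "decrypted_matches_device": delivered == samples,
        "sniffer_sees_plaintext": any(s in f for s, f in zip(samples, frames)),
        "tampered_accepted": host.receive(bytes(bad)) is not None,
        "replay_accepted": host.receive(frames[1]) is not None,
        "bytes_added": host.bytes_added,
    }
```

The point the thread makes is visible in `receive`: what reaches the pool is the decrypted sample, so the scheme is confidentiality and integrity on the link, not a whitening pass over the device output. It does nothing against root on the host, which can read the daemon's key and the decrypted bytes just as B. says.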