| 1 |
On Thu, 25 Mar 2010 20:17:12 +0000 |
| 2 |
Ed W <lists@××××××××××.com> wrote: |
| 3 |
|
| 4 |
> > out of curiosity, what's that mean exactly? |
| 5 |
> > |
| 6 |
> I believe that the random numbers are encrypted out of the device? I |
| 7 |
> say that because when you start up the userspace daemon you tell it a |
| 8 |
> long random number supplied with the device. I assume this is |
| 9 |
> designed to make sure that some local process can't sniff the entropy |
| 10 |
> (over the USB bus, or whatever) before it's added to the kernel pool? |
| 11 |
|
| 12 |
Pretty much. It is worth noting that the entropy is decrypted before |
| 13 |
being added to the pool; it's not just a whitening scheme. |
| 14 |
|
| 15 |
(Rootly processes can, of course, pretty much know whatever they want |
| 16 |
to. The encryption and hand shaking is there to prevent physical |
| 17 |
access to the outside of the case being as much of an issue.) |
| 18 |
|
| 19 |
B. |
Archives