Mailinglist Archive: opensuse-factory (505 mails)

< Previous Next >
Re: [opensuse-factory] haveged - now enabled by default?
  • From: Rob Davies <rob.opensuse.linux@xxxxxxxxx>
  • Date: Tue, 26 Jul 2011 14:50:35 +0100
  • Message-id: <CAKeeO4dtvuoQ9F2q_rJcaLAWLPJ49bjVwVK7yEqAg=WHX9Zkvw@mail.gmail.com>
On 26 July 2011 14:07, Marcus Meissner <meissner@xxxxxxx> wrote:
On Tue, Jul 26, 2011 at 02:43:05PM +0200, Bruno Friedmann wrote:
...
The bad thing is that a cryptographic encrypted stream of pseudo randomness is
not really distinguishable from real randomness.

You would need to evaluate the underlying technology.

How is that a bad thing? If you can't distinguish, then how could an
attacker exploit it?

I understand that some deployments will want to have carefully
"unquestionable" entropy sources, but that appears to me to be an
argument to enable haveged in general.

May be I'm missing something, but for general installation with
practical relaxed requirements this sounds like a "feature", a remote
attacker would have problems to "evaluate the underlying technology"
to select target.

Regards Rob
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx

< Previous Next >