Re: [PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM
From: Adrian Bunk <bunk@kernel.org>
Date: 2008-05-18 12:04:46
Also in:
lkml
On Sun, May 18, 2008 at 08:41:10AM +0200, Gilles Espinasse wrote:
> > On Fri, May 16, 2008 at 10:08:29PM +0200, Gilles Espinasse wrote:
> > > That's funny
> > > It does look to disturb some kernel developer that ethernet may be sniffed
> > > to feed a RNG even that could be very hard to reach any effective result in the case of a
> > > machine splitting different network segments.
> > > In the same time, it does not disturb openssl developers to include non initialised memory that may or may not be predictable to feed a RNG.
> > > http://marc.info/?l=openssl-dev&m=121095151003011&w=2
> >
> > Why should it disturb them?
> >
> > As is explained in the email you quote it cannot make the RNG output worse.
> >
> Yes that's the whole point.
> Why remove IRQF_SAMPLE_RANDOM if "it cannot make the RNG output worse."
> We should not care if network traffic can be sniffed in some configurations (plus sniffing could be very unlikely in some others).
> ...
> Are network drivers better without SAMPLE_RANDOM?
> My understanding of openssl developer answer is same as yours : "it cannot make the RNG output worse."

The "it cannot make the RNG output worse." only applies to the OpenSSL case (one could argue whether it makes sense, but it can't do harm). IRQF_SAMPLE_RANDOM and what was discussed in this email on the OpenSSL mailing list are two completely different subjects, and you completely miss the problem when you mix them.

> So why remove SAMPLE_RANDOM on network cards today if there is no replacement solution ready for x% of machines running linux actually?
> ...

The replacement solution ready on all Linux machines today is for userspace to use /dev/urandom instead of /dev/random if feasible.

> Gilles

cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed