undefined | Better HN

0 pointszuzun10y ago0 comments

I assume the original author meant to say: draining /dev/random does not affect the cryptographic quality of the random numbers produced by both devices.

But yes, since there's only one entropy pool, attackers can drain /dev/random, causing other programs that rely on /dev/random to block.

All I can say is: on newer kernels, attackers can still drain the pool by using the getrandom syscall, so unless you block that syscall, not mounting /dev/random does not increase the security.

0 comments

1 comments · 1 top-level

dyn10y ago

Hi author here.

Yes, that is what I was trying to say. I'll clarify it in a future version.

That's a good point, I'll include that! Thanks.

j / k navigate · click thread line to collapse