Compromising /dev/random (idea) by Baron_Saturday

#!/bin/sh
rm /dev/random
mknod /dev/random c 1 5

You can't trust the random number generator on any system you don't control. The above script deletes /dev/random and then recreates it - but instead of using the device numbers for a character device that outputs random data from the entropy pool (1,8) it uses the numbers for a device that spits out nothing but zero (1,5). So when you think you are generating a 4096 bit secure key using genuine random data, you are just getting four thousand zeros. And even if your software checks for something like this, there are more sophisticated ways to generate random looking data that isn't.

While this doesn't matter at all to the most users, it's a potentially major problem for anyone that relies on encryption for security. The moral of the story - secure communications requires a lot more than using a very large key.

non-compressibility of random data	Do the world a favor, raise your kids atheist	dd if=/dev/zero of=/dev/hda	entropy pool
mknod	stir-fried random	my p166 isn't so cool anymore	No important data was harmed by the ILOVEYOU worm
/dev/random	von Neumann corrector	Disabled, but able to rock!	catting weird things to /dev/audio
/dev/zero	Software is free speech	Isn't this what your home node is for?	Things you can tell just by looking at her
/dev/tty	L4Ka	The Thorough Good Cook	The volume of stuff you own is directly proportional to how far you have to move
Josef Stalin	random number generator