| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 14 Jun 2009 21:58:54 +0200 From: Folkert van Heusden <folkert@...heusden.com> To: Matt Mackall <mpm@...enic.com> Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: issue with /dev/random? gets depleted very quick [ /dev/random gets emptied very quickly ] ... > > > Is this a problem? It really shouldn't be. Everyone should be > > > using /dev/urandom anyway. And the anti-starvation threshold guarantees > > > > Well, if I understood correctly how /dev/*random works, urandom is fed > > by /dev/random. So if there's almost nothing left in the main pool and > > urandom demands bits then we have an issue. > > Also, if you frequently want to generate keys (thing gpg, ssl), I think > > you want bits from /dev/random and not urandom. > > There is really no difference. > In an ideal world, we could accurately estimate input entropy and thus > guarantee that we never output more than we took in. But it's pretty > clear we don't have a solid theoretical basis for estimating the real > entropy in most, if not all, of our input devices. In fact, I'm pretty > sure they're all significantly more observable than we're giving them > credit for. And without that basis, we can only make handwaving > arguments about the relative strength of /dev/random vs /dev/urandom. > So if you're running into /dev/random blocking, my advice is to delete > the device and symlink it to /dev/urandom. Two questions: - if the device gets empty constantly, that means that filling applicaties (e.g. the ones that feed /dev/random from /dev/hwrng or from an audio-source or whatever) - if we don't know if we're accounting correctly, why doing at all? especially if one should use urandom instead of random > Also note that if something in the kernel is rapidly consuming entropy > but not visibly leaking it to the world, it is effectively not consuming > it. Then the counter should not be decreased? > In this case, if no one hears the tree fall, it hasn't actually fallen. > There is exactly as much 'unknown' data in the entropy pool as before. > If anything, the pool contents are now harder to guess because it's been > mixed more. Folkert van Heusden -- MultiTail ist eine flexible Applikation um Logfiles und Kommando Eingaben zu überprüfen. Inkl. Filter, Farben, Zusammenführen, Ansichten etc. http://www.vanheusden.com/multitail/ ---------------------------------------------------------------------- Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists