lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 08 Sep 2011 08:41:57 +0200
From:	Tomas Mraz <tmraz@...hat.com>
To:	Neil Horman <nhorman@...hat.com>
Cc:	Steve Grubb <sgrubb@...hat.com>,
	Sasha Levin <levinsasha928@...il.com>,
	"Ted Ts'o" <tytso@....edu>, Jarod Wilson <jarod@...hat.com>,
	linux-crypto@...r.kernel.org, Matt Mackall <mpm@...enic.com>,
	Herbert Xu <herbert.xu@...hat.com>,
	Stephan Mueller <stephan.mueller@...ec.com>,
	lkml <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] random: add blocking facility to urandom

On Wed, 2011-09-07 at 19:57 -0400, Neil Horman wrote: 
> On Wed, Sep 07, 2011 at 04:56:49PM -0400, Steve Grubb wrote:
> > On Wednesday, September 07, 2011 04:37:57 PM Sasha Levin wrote:
> > > Anyway, it won't happen fast enough to actually not block.
> > > 
> > > Writing 1TB of urandom into a disk won't generate 1TB (or anything close
> > > to that) of randomness to cover for itself.
> > 
> > We don't need a 1:1 mapping of RNG used to entropy acquired. Its more on the scale of 
> > 8,000,000:1 or higher.
> > 
> Where are you getting that number from?
> 
> You may not need it, but there are other people using this facility as well that
> you're not considering.  If you assume that in the example Sasha has given, if
> conservatively, you have a modern disk with 4k sectors, and you fill each 4k
> sector with the value obtained from a 4 byte read from /dev/urandom, You will:
> 
> 1) Generate an interrupt for every page you write, which in turn will add at
> most 12 bits to the entropy pool
> 
> 2) Extract 32 bits from the entropy pool
> 
> Thats just a loosing proposition.   Barring further entropy generation from
> another source, this is bound to stall with this feature enabled. 
Why so? In the case the blocking limit is on 8MBits of data read
from /dev/urandom per every 1 bit added to the entropy pool (this is not
the exact way how the patch behaves but we can approximate that) I do
not see the /dev/urandom can block if the bytes read from it are written
to disk device - of course only if the device adds entropy into the
primary pool when there are writes on the device.

Of course you can still easily make the /dev/urandom to occasionally
block with this patch, just read the data and drop it.

But you have to understand that the value that will be set with the
sysctl added by this patch will be large in the order of millions of
bits.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ