| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 May 2007 12:53:10 +0100 From: "M Macnair" <mmacnair@...il.com> To: linux-kernel@...r.kernel.org Subject: Seeding /dev/random not working In brief: Adding entropy by writing to /dev/[u]random doesn't appear to be working. I am aware that the reported available entropy (via /proc/sys/kernel/random/entropy_avail) will not increase; the symptom is /dev/random keeps spitting out the same numbers. I have two embedded boards (one ARM, one PowerPC), running two different versions of 2.6. They have no hard drives, keyboards or mice. They each have a NIC, but I understand these make no contribution to the entropy pool. Many distros ship with an init script that saves and restores the entropy pool on startup and shutdown. The bit that interests me that is called on startup is (my comments): if [ -f $random_seed ]; then cat $random_seed >/dev/urandom # should seed the pool fi dd if=/dev/urandom of=$random_seed count=1 2>/dev/null # save some data from urandom for next boot I have rebooted my boards many times, and after each boot I read the contents of $random_seed. Whilst it does not happen every time, the contents of $random_seed are /often the same/. To give you a feel: rebooted 11 times, got a total of 3 different outputs. This suggests that cat'ing the contents of the random_seed file into /dev/urandom is not actually increasing the available entropy at all; indeed it is having no effect whatsoever. This is obviously a serious issue on these boards, as writing to /dev/random is the only source of entropy. In place of these startup scripts I have tried my own script that explicitly cats in a load of data, and then reads out several K from /dev/urandom - the data that is read out is normally the same, no matter what data is written. I put the fact that this is not 100% reproducible down to timing variations, which is also the reason why all the experimentation has been done at startup - the reading and writing occurs at very nearly exactly the same kernel time, every time it boots. Is this a bug? Am I doing something stupid? Thanks, Michael Macnair - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists