lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20070529214446.GB11115@waste.org>
Date:	Tue, 29 May 2007 16:44:46 -0500
From:	Matt Mackall <mpm@...enic.com>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	M Macnair <mmacnair@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: Seeding /dev/random not working

On Wed, May 30, 2007 at 12:08:22AM +0200, Andi Kleen wrote:
> Matt Mackall <mpm@...enic.com> writes:
> 
> > On Tue, May 29, 2007 at 05:44:37PM +0100, M Macnair wrote:
> > > On 29 May 2007 18:58:59 +0200, Andi Kleen <andi@...stfloor.org> wrote:
> > > >"M Macnair" <mmacnair@...il.com> writes:
> > > >>
> > > >> Many distros ship with an init script that saves and restores the
> > > >> entropy pool on startup and shutdown.  The bit that interests me that
> > > >> is called on startup is (my comments):
> > > >>       if [ -f $random_seed ]; then
> > > >>               cat $random_seed >/dev/urandom  # should seed the pool
> > > >.OA
> > > >Writing doesn't actually work; to get real accounted entropy for 
> > > >/dev/random
> > > >you need to use a special ioctl. I ran into this problem some years ago
> > > >and ended up writing http://www.muc.de/~ak/rndfeed.c
> > > >
> > > >-Andi
> > > 
> > > If this doesn't work, then it seems to me as though all the
> > > debian-esque distros that use equivalents of the above script are
> > > wasting their time, and the man page recommending that technique (man
> > > 4 random) is also wrong.  Is that interpretation correct?
> > 
> > Andi is incorrect. Writing does work and everything you write is mixed
> 
> Note I wrote accounted entropy above.
> 
> > into the pool. It's just not counted as entropy credit.
> 
> This means everything using /dev/random blocks.  For me that
> includes "does not work".
> 
> > This is as intended.
> 
> If the intention was to get everybody from stopping /dev/random
> and moving them to /dev/urandom I guess it works well. Congratulations.

The intention is to be secure. It's well-known that goal is often in
conflict with being user-friendly. Pretending we have entropy that we
don't is user-friendly but not secure.

And indeed, there's no reason to think there was any entropy in the
pool when we dumped the seed data from /dev/urandom to disk at
shutdown, so there's no reason we should claim there was any there
when we start up. Especially as someone may have looked at that file
in the interim.

Further, congratulations aren't due to me. Linux /dev/random has
gotten this right since day one.

-- 
Mathematics is the supreme nostalgia of our time.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ