| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 May 2007 16:44:46 -0500 From: Matt Mackall <mpm@...enic.com> To: Andi Kleen <andi@...stfloor.org> Cc: M Macnair <mmacnair@...il.com>, linux-kernel@...r.kernel.org Subject: Re: Seeding /dev/random not working On Wed, May 30, 2007 at 12:08:22AM +0200, Andi Kleen wrote: > Matt Mackall <mpm@...enic.com> writes: > > > On Tue, May 29, 2007 at 05:44:37PM +0100, M Macnair wrote: > > > On 29 May 2007 18:58:59 +0200, Andi Kleen <andi@...stfloor.org> wrote: > > > >"M Macnair" <mmacnair@...il.com> writes: > > > >> > > > >> Many distros ship with an init script that saves and restores the > > > >> entropy pool on startup and shutdown. The bit that interests me that > > > >> is called on startup is (my comments): > > > >> if [ -f $random_seed ]; then > > > >> cat $random_seed >/dev/urandom # should seed the pool > > > >.OA > > > >Writing doesn't actually work; to get real accounted entropy for > > > >/dev/random > > > >you need to use a special ioctl. I ran into this problem some years ago > > > >and ended up writing http://www.muc.de/~ak/rndfeed.c > > > > > > > >-Andi > > > > > > If this doesn't work, then it seems to me as though all the > > > debian-esque distros that use equivalents of the above script are > > > wasting their time, and the man page recommending that technique (man > > > 4 random) is also wrong. Is that interpretation correct? > > > > Andi is incorrect. Writing does work and everything you write is mixed > > Note I wrote accounted entropy above. > > > into the pool. It's just not counted as entropy credit. > > This means everything using /dev/random blocks. For me that > includes "does not work". > > > This is as intended. > > If the intention was to get everybody from stopping /dev/random > and moving them to /dev/urandom I guess it works well. Congratulations. The intention is to be secure. It's well-known that goal is often in conflict with being user-friendly. Pretending we have entropy that we don't is user-friendly but not secure. And indeed, there's no reason to think there was any entropy in the pool when we dumped the seed data from /dev/urandom to disk at shutdown, so there's no reason we should claim there was any there when we start up. Especially as someone may have looked at that file in the interim. Further, congratulations aren't due to me. Linux /dev/random has gotten this right since day one. -- Mathematics is the supreme nostalgia of our time. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists