[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20070529214446.GB11115@waste.org>
Date: Tue, 29 May 2007 16:44:46 -0500
From: Matt Mackall <mpm@...enic.com>
To: Andi Kleen <andi@...stfloor.org>
Cc: M Macnair <mmacnair@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: Seeding /dev/random not working
On Wed, May 30, 2007 at 12:08:22AM +0200, Andi Kleen wrote:
> Matt Mackall <mpm@...enic.com> writes:
>
> > On Tue, May 29, 2007 at 05:44:37PM +0100, M Macnair wrote:
> > > On 29 May 2007 18:58:59 +0200, Andi Kleen <andi@...stfloor.org> wrote:
> > > >"M Macnair" <mmacnair@...il.com> writes:
> > > >>
> > > >> Many distros ship with an init script that saves and restores the
> > > >> entropy pool on startup and shutdown. The bit that interests me that
> > > >> is called on startup is (my comments):
> > > >> if [ -f $random_seed ]; then
> > > >> cat $random_seed >/dev/urandom # should seed the pool
> > > >.OA
> > > >Writing doesn't actually work; to get real accounted entropy for
> > > >/dev/random
> > > >you need to use a special ioctl. I ran into this problem some years ago
> > > >and ended up writing http://www.muc.de/~ak/rndfeed.c
> > > >
> > > >-Andi
> > >
> > > If this doesn't work, then it seems to me as though all the
> > > debian-esque distros that use equivalents of the above script are
> > > wasting their time, and the man page recommending that technique (man
> > > 4 random) is also wrong. Is that interpretation correct?
> >
> > Andi is incorrect. Writing does work and everything you write is mixed
>
> Note I wrote accounted entropy above.
>
> > into the pool. It's just not counted as entropy credit.
>
> This means everything using /dev/random blocks. For me that
> includes "does not work".
>
> > This is as intended.
>
> If the intention was to get everybody from stopping /dev/random
> and moving them to /dev/urandom I guess it works well. Congratulations.
The intention is to be secure. It's well-known that goal is often in
conflict with being user-friendly. Pretending we have entropy that we
don't is user-friendly but not secure.
And indeed, there's no reason to think there was any entropy in the
pool when we dumped the seed data from /dev/urandom to disk at
shutdown, so there's no reason we should claim there was any there
when we start up. Especially as someone may have looked at that file
in the interim.
Further, congratulations aren't due to me. Linux /dev/random has
gotten this right since day one.
--
Mathematics is the supreme nostalgia of our time.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists