lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <47729D25.9090904@cfl.rr.com>
Date:	Wed, 26 Dec 2007 13:27:49 -0500
From:	Phillip Susi <psusi@....rr.com>
To:	Marc Haber <mh+linux-kernel@...schlus.de>
CC:	linux-kernel@...r.kernel.org
Subject: Re: Why does reading from /dev/urandom deplete entropy so much?

Marc Haber wrote:
> On Tue, Dec 11, 2007 at 10:42:49AM -0500, Bill Davidsen wrote:
>> The original point was that urandom draws entropy from random, and that 
>> it is an an inobvious and unintentional drain on the entropy pool. At 
>> least that's how I read it.
> 
> And you are reading it correct. At least one of the major TLS
> libraries does it this way, putting unnecessary stress on the kernel
> entropy pool. While I now consider this a bug in the library, there
> surely are gazillions of similiarily flawed applications out there in
> the wild.

It seems to me that reading from (u)random disturbs the entropy pool, so 
the more consumers reading from the pool in unpredictable ways, the 
better.  As it is currently implemented, it lowers the entropy estimate, 
but the pool will have MORE entropy if several applications keep reading 
/dev/random periodically when they need random bytes instead of just 
reading it once to seed their own prng.  IMHO, it is the entropy 
estimate that is broken, not the TLS library.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ