lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 05 Apr 2010 09:50:44 +0200
From:	Jan Ceuleers <jan.ceuleers@...puter.org>
To:	Alexander Konovalenko <alexkon@...il.com>,
	linux-kernel@...r.kernel.org
Subject: Re: Reading entropy_avail file appears to consume entropy

Alexander Konovalenko wrote:
> On Mar 19, Jan Ceuleers wrote:
>> I'm using the 2.6.31 kernel that comes with Ubuntu 9.10.
>>
>> If I
>>
>>    # watch cat /proc/sys/kernel/random/entropy_avail
>>
>> then the size of the entropy pool falls rapidly (by more than 200 bytes per 2s interval).
>> It settles down around 160 bytes.
> 
> Jan, did you find out anything interesting about this issue?
> 
> I have a wild guess, although I have no idea whether it can be
> correct. I couldn't catch any user-space /dev/random or /dev/urandom
> readers with fuser, so I think something in the kernel is using up the
> entropy. If I remember correctly, recent Ubuntu releases were supposed
> to include a security feature that randomizes memory layout in order
> to mitigate some kinds of security vulnerabilities. What if each time
> a new process is started the kernel needs to obtain a significant
> number of random bytes? Here is some supporting evidence. I can
> reproduce the behavior you describe on a vanilla Ubuntu 9.10 system
> (without latest updates). But if I watch entropy_avail using a Python
> script that does not start a new process every time, then the
> available entropy amount won't decrease. (The system is otherwise
> idle.) Give it a try:
> 
> $ python
> import sys, time
> while True:
>   sys.stdout.write(open('/proc/sys/kernel/random/entropy_avail',
> 'r').read())
>   time.sleep(1)
> 
> It would be great if someone with knowledge about this could confirm
> or refute my guess.
> 
>  -- Alexander
> 

Alexander,

Thanks, this never made it out to LKML so I'm forwarding it now.

This does sound quite plausible; does anyone from Ubuntu want to chip in?

Thanks, Jan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ