Message-ID: <13074229.arz8HkBRPc@positron.chronox.de>
Date:   Sat, 22 Oct 2016 05:43:36 +0200
From:   Stephan Mueller <smueller@...onox.de>
To:     Ted Tso <tytso@....edu>
Cc:     linux-kernel@...r.kernel.org
Subject: why getrandom blocking does not work with /dev/urandom

Hi Ted,

as mentioned, I looked a bit deeper into the issue of adding the blocking 
behavior of getrandom to /dev/urandom.

As you and I already identified, moving that blocking behavior to /dev/urandom 
simply does not work. The system does not boot.

The reason for this issue is actually quite simple. The init process of systemd 
reads /dev/urandom for whatever purpose. Now, when /dev/urandom blocks during 
boot, systemd will be blocked too. That means that user space (either in the 
initramfs or with the regular root partition) is set up.

When there is no user space initialized, there are no devices set up. The 
network card is not initialized, the block devices are not mounted, other 
devices are not initialized. That means that neither interrupts nor block 
device events are registered.

The only device that does not need setup and that will generate events is a 
keyboard / mouse whose drivers are statically compiled (or other devices that 
trigger interrupts without requiring any user space setup procedure). Thus, if 
you use HID long enough, the kernel will eventually receive sufficient entropy 
from these events, release systemd and user space starts.

However, just by itself, user space will almost never start with a blocking 
behavior of /dev/urandom.

Ciao
Stephan
