Patch: Stop using /dev/random
Scott Arciszewski
scott at paragonie.com
Wed Nov 16 17:45:52 CET 2016
> Hi Andrey,
>
> > Can you please provide references to the statement that Linux makes sure
> > that its pool is seeded before the first read from /dev/urandom? Thank you.
>
> This statement is not correct.
>
> Only getrandom(2) guarantees that.
>
> --
> Ciao
> Stephan
Hi, I didn't receive the responses to my email, so I'm just now following up.
> This statement is not correct.
>
> Only getrandom(2) guarantees that.
Wrong. The guarantees here are very different.
getrandom(2) behaves correctly: If the entropy pool hasn't been
seeded, it will block until it has been seeded.
What I described is a different phenomenon: The Linux kernel seeds the
unblocking pool first, so once /dev/random has at least 1 byte
available in its entropy count, you'll know that /dev/urandom has
already been seeded and therefore you can just use /dev/urandom.
https://github.com/torvalds/linux/blob/523d939ef98fd712632d93a5a2b588e477a7565e/drivers/char/random.c#L805
There's really no reason to rely on /dev/random for anything but
discovering whether /dev/urandom has already been seeded. Then you can
safely read from /dev/urandom forever. (Entropy doesn't "run out".)
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>
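The procedure described in the message above (block until the kernel's pool is seeded, then read from /dev/urandom without ever drawing on /dev/random's entropy credit), written out as an added example. This is not code from the thread, from libgcrypt, or from Paragon; the function names `wait_until_seeded`, `read_urandom` and `secure_random_bytes` and the timeout parameter are this example's own choices, and it assumes a Linux host. It prefers getrandom(2) with flags 0, which does both steps in one call as the thread notes, and falls back to poll(2) on /dev/random plus read(2) from /dev/urandom when the syscall is missing.

```c
/* Added example (not from the original thread): wait for the kernel CSPRNG
 * to be seeded, then read from /dev/urandom. Assumes Linux.
 * Build: cc -Wall -O2 seeded_urandom.c -o seeded_urandom
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Returns 1 once /dev/random reports itself readable, 0 on timeout
 * (timeout_ms < 0 waits forever), -1 on error. Because the kernel seeds the
 * urandom side before it credits /dev/random, readability here implies that
 * /dev/urandom has been seeded. Nothing is read from /dev/random, so the
 * check consumes no entropy credit and cannot be starved the way a
 * read(/dev/random) loop can on an entropy-poor VM. */
int wait_until_seeded(int timeout_ms)
{
    int fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int rc;
    do {
        rc = poll(&pfd, 1, timeout_ms); /* simplification: full timeout again after EINTR */
    } while (rc < 0 && errno == EINTR);
    close(fd);
    if (rc < 0)
        return -1;
    return rc > 0 ? 1 : 0;
}

/* Fills buf with n bytes from /dev/urandom, retrying on short reads.
 * Returns 0 on success, -1 on error with errno set. */
int read_urandom(unsigned char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        if (r == 0) {            /* should not happen for a character device */
            close(fd);
            errno = EIO;
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Preferred path: getrandom(2) with flags == 0 draws from the urandom source
 * but blocks until the pool is seeded, so it combines both steps in one call.
 * Falls back to poll(/dev/random) + read(/dev/urandom) when the kernel lacks
 * the syscall (ENOSYS). Returns 0 on success, -1 on error. */
int secure_random_bytes(unsigned char *buf, size_t n)
{
#ifdef SYS_getrandom
    size_t got = 0;
    while (got < n) {
        long r = syscall(SYS_getrandom, buf + got, n - got, 0);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            if (errno == ENOSYS)
                break;           /* kernel too old: use the fallback below */
            return -1;
        }
        got += (size_t)r;
    }
    if (got == n)
        return 0;
#endif
    if (wait_until_seeded(-1) != 1)
        return -1;
    return read_urandom(buf, n);
}

int main(void)
{
    unsigned char key[32];
    if (secure_random_bytes(key, sizeof key) != 0) {
        perror("secure_random_bytes");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

The fallback polls rather than reads /dev/random on purpose: a read would consume entropy credit and can block indefinitely on a quiet machine, while poll() only asks the kernel whether the pool is ready, which is the one thing the message says /dev/random is still good for.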