Patch: Stop using /dev/random

Stephan Mueller smueller at chronox.de
Wed Nov 16 18:50:59 CET 2016


On Wednesday, 16 November 2016, 11:45:52 CET, Scott Arciszewski wrote:

Hi Scott,

> Hi, I didn't receive the responses to my email so I'm just now following up.
> > This statement is not correct.
> > 
> > Only getrandom(2) guarantees that.
> 
> Wrong. The guarantees here are very different.
> 
> getrandom(2) behaves correctly: If the entropy pool hasn't been
> seeded, it will block until it has been seeded.
> 
> What I described is a different phenomenon: The Linux kernel seeds the
> unblocking pool first, so once /dev/random has at least 1 byte
> available in its entropy count, you'll know that /dev/urandom has
> already been seeded and therefore you can just use /dev/urandom.
> 
> https://github.com/torvalds/linux/blob/523d939ef98fd712632d93a5a2b588e477a7565e/drivers/char/random.c#L805

I am aware of that mechanism, but I did not read that you were referring to 
this functionality from the initial statement.

> 
> There's really no reason to rely on /dev/random for anything else but
> discovering if /dev/urandom has already been seeded. Then, you can
> safely read from /dev/urandom forever. (Entropy doesn't "run out".)

This is a very hacky check. What happens if there is a /dev/urandom hog during 
boot time? For this, it is likely that /dev/random will not return one byte 
until that hog is finished. This in turn means your check will wait that long.

Ciao
Stephan
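Both approaches from this exchange in C, as an added example that is not part of the thread or of libgcrypt: getrandom(2) called the way the mail describes (flags 0, blocking only until the pool is seeded), and the /dev/random probe from the quoted mail opened non-blocking so a boot-time hog delays the answer instead of stalling the caller. It assumes Linux 3.17+ and glibc 2.25+.

```c
/* Added example, not from the thread or from libgcrypt.  Assumes Linux >= 3.17
 * and glibc >= 2.25 (the getrandom() wrapper in <sys/random.h>). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/random.h>
#include <unistd.h>
/* getrandom(2) with flags 0: blocks only until the kernel's urandom pool has
 * been seeded, then never blocks again.  Handles EINTR and short reads. */
int fill_random(unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;   /* interrupted while blocking for the seed */
            return -1;      /* e.g. ENOSYS on a kernel without getrandom */
        }
        got += (size_t)n;
    }
    return 0;
}

/* The /dev/random probe from the quoted mail, opened O_NONBLOCK so a boot-time
 * /dev/urandom hog (Stephan's objection) delays the answer instead of hanging
 * the caller.  1 = byte read, urandom known seeded; 0 = would block; -1 = error. */
int urandom_seeded_probe(void)
{
    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    unsigned char b;
    ssize_t n = read(fd, &b, 1);
    int saved = errno;
    close(fd);
    if (n == 1)
        return 1;
    return (n < 0 && saved == EAGAIN) ? 0 : -1;
}

/* Self-check: two 32-byte draws succeed and differ.  Returns 1 on success. */
int random_self_check(void)
{
    unsigned char a[32], b[32];
    if (fill_random(a, sizeof a) != 0 || fill_random(b, sizeof b) != 0)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}
```

On a kernel where the urandom pool is already seeded the probe returns 1 immediately; a 0 means only that nothing has been proven yet, which is exactly the state the hog scenario above leaves you in.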



More information about the Gcrypt-devel mailing list