Patch: Stop using /dev/random

Stephan Mueller smueller at
Wed Nov 16 18:50:59 CET 2016

Am Mittwoch, 16. November 2016, 11:45:52 CET schrieb Scott Arciszewski:

Hi Scott,

> Hi, I didn't receive the responses to my email so I'm just now following up.
> > This statement is not correct.
> > 
> > Only getrandom(2) guarantees that.
> Wrong. The guarantees here are very different.
> getrandom(2) behaves correctly: If the entropy pool hasn't been
> seeded, it will block until it has been seeded.
> What I described is a different phenomenon: The Linux kernel seeds the
> unblocking pool first, so once /dev/random has at least 1 byte
> available in its entropy count, you'll know that /dev/urandom has
> already been seeded and therefore you can just use /dev/urandom.
> 65e/drivers/char/random.c#L805

I am aware of that mechanism, but I did not read that you were refering to 
this functionality from the initial statement.

> There's really no reason to rely on /dev/random for anything else but
> discovering if /dev/urandom has already been seeded. Then, you can
> safely read from /dev/urandom forever. (Entropy doesn't "run out".)

This is a very hacky check. What happens if there is a /dev/urandom hog during 
boot time? For this, it is likely that /dev/random will not return one byte 
until that hog is finished. This in turn means your check will wait that long.


More information about the Gcrypt-devel mailing list