Patch: Stop using /dev/random
smueller at chronox.de
Wed Nov 16 18:50:59 CET 2016
Am Mittwoch, 16. November 2016, 11:45:52 CET schrieb Scott Arciszewski:
> Hi, I didn't receive the responses to my email so I'm just now following up.
> > This statement is not correct.
> > Only getrandom(2) guarantees that.
> Wrong. The guarantees here are very different.
> getrandom(2) behaves correctly: If the entropy pool hasn't been
> seeded, it will block until it has been seeded.
> What I described is a different phenomenon: The Linux kernel seeds the
> unblocking pool first, so once /dev/random has at least 1 byte
> available in its entropy count, you'll know that /dev/urandom has
> already been seeded and therefore you can just use /dev/urandom.
I am aware of that mechanism, but I did not read that you were refering to
this functionality from the initial statement.
> There's really no reason to rely on /dev/random for anything else but
> discovering if /dev/urandom has already been seeded. Then, you can
> safely read from /dev/urandom forever. (Entropy doesn't "run out".)
This is a very hacky check. What happens if there is a /dev/urandom hog during
boot time? For this, it is likely that /dev/random will not return one byte
until that hog is finished. This in turn means your check will wait that long.
More information about the Gcrypt-devel