fwd: What good is this really going to be?

brian moore bem at cmc.net
Wed Dec 9 13:48:55 CET 1998


On Wed, Dec 09, 1998 at 01:19:03AM +0100, Thomas Roessler wrote:
> On Tue, Dec 08, 1998 at 03:35:56PM -0800, brian moore wrote:
> 
> > I'd be willing to contribute something to snarf a bunch of bytes
> > from /dev/audio on Solaris (would have to be suid-root to do that,
> > but shouldn't be too hard to make safe).
> 
> How about putting this functionality into an external helper
> program?  This can be made secure and suid root without too much
> risk.  GPG could invoke this program and communicate over a pipe:
> GPG writes a number, and the "random source program" replies with
> the corresponding number of random bytes.  Markus Kuhn has something
> really nice along these lines for his one-time password system.
> Should be somewhere around on:

Absolutely.  I ran truss on 'sar' and found its secret.  'man kstats'
if you've got a Slugaris box handy.  A whole slew of uselessly
meaningless numbers that cycle around counting meaningless things!
Which, is, of course, a good source of entropy.

Try this on Slugaris (stolen mostly from the man page :)):


/*
 * print a bunch of kernel numbers for random seeds
 *
 * compile with: gcc -lkstat -o random random.c
 */


#include <kstat.h>
#include <stdio.h>

/* for TYPE_IO, the most interesting numbers seem to be wtime:
    hrtime_t     wtime;            ... cumulative wait (pre-service) time
                                   ... in nanoseconds!

    Needless to say, this cycles fast. */

int main(int argc, char **argv)
{
    kstat_ctl_t    *kc;
    kstat_t        *ksp;
    kstat_io_t     kio;

    kc = kstat_open();
    for (ksp = kc->kc_chain; ksp != NULL; ksp = ksp->ks_next) {
	if (ksp->ks_type == KSTAT_TYPE_IO) {
	    kstat_read(kc, ksp, &kio);
	    fprintf(stderr, "%ld %ld %ld %ld\n",
			    kio.reads, kio.writes,
			    kio.rtime, kio.wtime);
	}
    }

}

No suid needed, and that kio.wtime looks really really cool in its
randomness.  I'll start dumping a whole slew of useless and silly
numbers (maybe for counters using the low three or four digits, but for
things like kio.wtime let it have the whole thing since it seems really
noisy and useless).

There are tons and tons of numbers to print.  Not as good as a real
/dev/random, but not bad either.  It'll certainly give rndunix some
stuff to chew on.

-- 
Brian Moore                       | "The Zen nature of a spammer resembles
      Sysadmin, C/Perl Hacker     |  a cockroach, except that the cockroach
      Usenet Vandal               |  is higher up on the evolutionary chain."
      Netscum, Bane of Elves.                 Peter Olson, Delphi Postmaster




More information about the Gnupg-devel mailing list