From: Nikos Mavrogiannopoulos <nmav-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Stephan Mueller
<smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org>,
"Michael Kerrisk (man-pages)"
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
tytso-3s7WtUTddSA@public.gmane.org,
Laurent Georget
<laurent.georget-vbcOdlJ0SulGWvitb5QawA@public.gmane.org>,
George Spelvin <linux-gpGsJRJZ3PBBDgjK7y7TUQ@public.gmane.org>
Subject: Re: [PATCH] Update the random(4) documentation towards a more accurate view on /dev/urandom
Date: Fri, 21 Oct 2016 16:38:30 +0200 [thread overview]
Message-ID: <1477060710.3888.14.camel@redhat.com> (raw)
In-Reply-To: <2402524.TIv9Kdt40z-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
On Fri, 2016-10-21 at 16:07 +0200, Stephan Mueller wrote:
> > > -When read, the \fI/dev/random\fP device will return random bytes
> > > -only within the estimated number of bits of noise in the entropy
> > > -pool.
> > > -\fI/dev/random\fP should be suitable for uses that need very
> > > -high quality randomness such as one-time pad or key generation.
> > > +When read, the \fI/dev/urandom\fP device return random bytes
> > > using a
> > > pseudorandom +number generator seeded from the entropy pool. That
>
> Starting with 4.8, there is no nonblocking_pool any more. Please
> refer to the ChaCha20 DRNG.
Hi Stephan,
I am not sure the suggestion above is clear to me. The text above (nor
the rest of the manpage) doesn't mention details about non-
blocking/blocking pools. I intentionally left such details out as they
do not provide information to a reader who is not familiar with the
actual implementation behind it. The CHACHA20 DRNG is another detail
that I wouldn't like the manpage to mention since it is a technical
detail and may even change in the future (e.g., to a faster stream
cipher).
Nevertheless, I find this suggestion orthogonal to my text above. There
may be another update of the manpage to add these details (even though
I wouldn't really like it).
> > +.LP
> > > +The \fI/dev/random\fP device is a legacy interface which dates
> > > back to
> > > +a time where the cryptographic primitives used in the
> > > implementation
> > > +were not widely trusted. It will return random bytes
> > > +only within the estimated number of bits of fresh noise in the
> > > entropy
> > > +pool, blocking if necessary.
> > > +\fI/dev/random\fP is suitable for applications that need very
> > > +high quality randomness, and can afford indeterminate delays.
>
> Would it be possible to add something around getrandom stating that
> it blocks
> until initially 128 bits of entropy are measured before it unblocks
> and
> behaves like /dev/urandom? Maybe it makes even sense to add a
> recommendation
> to use getrandom in favor of /dev/urandom?
Note that this is the manpage on /dev/urandom and /dev/random only.
getrandom() has a separate manpage which lists (or should list) such
information. Said that, indeed this suggestion is right, but I think
this recommendation is mildly already there (the quotes may hide it). It is on the 3rd paragraph:
"When used during early boot time, this device may return data
prior to the entropy pool being initialized. If this is of
concern in your application, use getrandom(2) or /dev/random
instead."
regards,
Nikos
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-10-21 14:38 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-25 8:48 [PATCH] Update the random(4) documentation towards a more accurate view on /dev/urandom Nikos Mavrogiannopoulos
[not found] ` <1461574090.32558.45.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-04-25 15:46 ` George Spelvin
[not found] ` <20160425154605.7445.qmail-HzZAx2gCgqrSUeElwK9/Pw@public.gmane.org>
2016-04-26 14:46 ` Nikos Mavrogiannopoulos
[not found] ` <1461681983.15804.76.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-04-26 16:58 ` George Spelvin
[not found] ` <20160426165847.5804.qmail-HzZAx2gCgqrSUeElwK9/Pw@public.gmane.org>
2016-11-09 15:26 ` Michael Kerrisk (man-pages)
[not found] ` <8a990d27-1fc2-8358-f9d3-c9474d6d8616-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-10 8:21 ` Nikos Mavrogiannopoulos
[not found] ` <1478766102.2642.12.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-10 11:29 ` Michael Kerrisk (man-pages)
2016-08-01 11:48 ` Nikos Mavrogiannopoulos
[not found] ` <1470052099.2926.6.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-10-20 8:37 ` Nikos Mavrogiannopoulos
[not found] ` <1476952646.2522.10.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-10-21 7:21 ` Michael Kerrisk (man-pages)
[not found] ` <8a5e82db-6f8a-2426-4a68-feab205bca57-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-10-21 14:07 ` Stephan Mueller
[not found] ` <2402524.TIv9Kdt40z-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2016-10-21 14:38 ` Nikos Mavrogiannopoulos [this message]
[not found] ` <1477060710.3888.14.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-10-21 14:55 ` Stephan Mueller
2016-10-21 16:33 ` Theodore Ts'o
[not found] ` <20161021163314.cvhjgr4s7lfzdsve-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2016-10-21 16:50 ` Stephan Mueller
[not found] ` <4610047.a51zB7LfZj-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2016-10-21 17:56 ` Theodore Ts'o
[not found] ` <20161021175633.5x5mp2xv3wq4ejjf-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2016-10-21 18:00 ` Stephan Mueller
2016-11-01 9:35 ` Nikos Mavrogiannopoulos
[not found] ` <1477992912.3769.22.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-09 14:58 ` Michael Kerrisk (man-pages)
2016-11-09 15:23 ` Michael Kerrisk (man-pages)
[not found] ` <b07fb334-149d-cf65-74f3-1d1951e5981b-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-10 8:54 ` Nikos Mavrogiannopoulos
[not found] ` <1478768067.2642.23.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-10 9:11 ` Laurent Georget
[not found] ` <3b7ba39b-0434-47ca-7857-257f3c99266b-AyimVQWTEHzsq35pWSNszA@public.gmane.org>
2016-11-10 11:56 ` Michael Kerrisk (man-pages)
2016-11-10 11:50 ` Michael Kerrisk (man-pages)
[not found] ` <e5c1f87c-aad0-b526-a346-74348a36c2a3-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-10 11:53 ` Nikos Mavrogiannopoulos
[not found] ` <1478778837.2642.26.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-10 11:56 ` Michael Kerrisk (man-pages)
[not found] ` <05152136-6943-8ada-3d65-51ef4ce9c1b1-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-10 14:19 ` Michael Kerrisk (man-pages)
2016-11-10 14:20 ` [PATCH] random.4: Improve discussion or urandom, blocking reads, and signals Michael Kerrisk (man-pages)
[not found] ` <4a8c573c-0c19-29d0-248e-74c088968806-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-11 10:28 ` Laurent Georget
[not found] ` <d5eca965-c8b9-51e5-6acb-172e47f85ba0-vbcOdlJ0SulGWvitb5QawA@public.gmane.org>
2016-11-11 11:51 ` Michael Kerrisk (man-pages)
2016-11-12 12:25 ` New random(7) page for review Michael Kerrisk (man-pages)
[not found] ` <cb25213c-a70d-cbf1-6a42-959dcdc1f202-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-12 14:03 ` Laurent Georget
[not found] ` <54e6e40c-b840-c773-e739-7faed9664411-AyimVQWTEHzsq35pWSNszA@public.gmane.org>
2016-11-15 6:19 ` Michael Kerrisk (man-pages)
2016-11-13 22:20 ` Theodore Ts'o
[not found] ` <20161113222041.ypnz3sdm3fmjprnn-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2016-11-15 6:41 ` Michael Kerrisk (man-pages)
2016-11-14 8:06 ` Nikos Mavrogiannopoulos
[not found] ` <1479110801.2624.2.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-15 6:10 ` Michael Kerrisk (man-pages)
2016-11-11 16:05 ` [PATCH] random.4: Improve discussion or urandom, blocking reads, and signals Theodore Ts'o
[not found] ` <20161111160514.yrlfteowdz4qar76-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2016-11-12 10:54 ` Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1477060710.3888.14.camel@redhat.com \
--to=nmav-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=laurent.georget-vbcOdlJ0SulGWvitb5QawA@public.gmane.org \
--cc=linux-gpGsJRJZ3PBBDgjK7y7TUQ@public.gmane.org \
--cc=linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org \
--cc=tytso-3s7WtUTddSA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.