Re: Why does reading from /dev/urandom deplete entropy so much?

[Matt Mackall <mpm@selenic.com>]

On Thu, Dec 06, 2007 at 08:02:33AM +0100, Eric Dumazet wrote:
> Matt Mackall a ?crit :
> >On Tue, Dec 04, 2007 at 07:17:58PM +0100, Eric Dumazet wrote:
> >>Alan Cox a ?crit :
> >>>>No matter what you consider as being better, changing a 12 years old 
> >>>>and widely used userspace interface like /dev/urandom is simply not an 
> >>>>option.
> >>>>   
> >>>Fixing it to be more efficient in its use of entropy and also fixing the
> >>>fact its not actually a good random number source would be worth looking
> >>>at however.
> >>> 
> >>Yes, since current behavior on network irq is very pessimistic.
> >
> >No, it's very optimistic. The network should not be trusted.
> 
> You keep saying that. I am refering to your previous attempts last year to 
> remove net drivers from sources of entropy. No real changes were done.

Dave and I are both a bit stubborn on this point. I've been meaning to
respin those patches..

> If the network should not be trusted, then a patch should make sure network 
> interrupts feed /dev/urandom but not /dev/random at all. (ie not calling 
> credit_entropy_store() at all)

Yes. My plan is to change the interface from SA_SAMPLE_RANDOM to
add_network_entropy. The SA_SAMPLE_RANDOM interface sucks because it
doesn't tell the core what kind of source it's dealing with.

> There is a big difference on get_cycles() and jiffies. You should try to 
> measure it on a typical x86_64 platform.

I'm well aware of that. We'd use get_cycles() exclusively, but it
returns zero on lots of platforms. We used to use sched_clock(), I
can't remember why that got changed.

> >Also, for future reference, patches for /dev/random go through me, not
> >through Dave.
> 
> Why ? David is the network maintainer, and he was the one who rejected your 
> previous patches.

Because I'm the /dev/random maintainer and it's considered the polite
thing to do, damnit.

-- 
Mathematics is the supreme nostalgia of our time.