Subject: Re: [PATCH 1/3] Make /dev/urandom scalable
To: "Theodore Ts'o", Andi Kleen, linux-kernel@vger.kernel.org, kirill.shutemov@linux.intel.com, herbert@gondor.apana.org.au, Andi Kleen
References: <1442963767-14945-1-git-send-email-andi@firstfloor.org> <5603004A.20801@gmail.com> <20150923232841.GK1747@two.firstfloor.org> <5603E083.8020004@gmail.com> <20150924131235.GB6841@thunk.org>
From: Austin S Hemmelgarn
Message-ID: <56041E2C.2030602@gmail.com>
Date: Thu, 24 Sep 2015 12:00:44 -0400
In-Reply-To: <20150924131235.GB6841@thunk.org>

On 2015-09-24 09:12, Theodore Ts'o wrote:
> On Thu, Sep 24, 2015 at 07:37:39AM -0400, Austin S Hemmelgarn wrote:
>> Using /dev/urandom directly, yes that doesn't make sense because it
>> consistently returns non-uniformly random numbers when used to generate larger
>> amounts of entropy than the blocking pool can source
>
> Why do you think this is the case? Reproduction, please?
>
> - Ted

Aside from the literature scattered across the web and the fact that it
fails Dieharder tests way more than a high quality RNG should (even a
good one should fail from time to time, one that never does is
inherently flawed for other reasons, but I've had cases where I've done
thousands of dieharder runs, and it failed almost 10% of the time, while
stuff like mt19937 fails in otherwise identical tests only about 1-2% of
the time)? I will admit that it is significantly better than any libc
implementation of rand() that I've seen, and many other PRNG's (notably
including being significantly more random than the FIPS 140 DRBG's), but
it does not do as well (usually) as stuff like OpenBSD's /dev/arandom
(which is way more processor intensive as well from what I've seen) or
some of the high quality RNG's found in the GSL.

And it's also worth noting that this is with regards to systems that are
consistently getting significantly less entropy into the blocking pool
than is being sourced from the non-blocking pool by userspace (that is
greater than a 100 times or so).

In short, I would not trust it as a CSPRNG (although I wouldn't trust
most things touted as CSPRNG's either), or even for important
simulations that need _lots_ of random numbers. I'm not saying that it
shouldn't be used for stuff like seeding other PRNG's however (and TBH,
I do trust it more for that than I trust stuff like RDSEED or RDRAND).
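A minimal harness for measuring the kind of per-run failure rate discussed in this message, added here as an example (it is not code from the thread and it is not dieharder). It repeats a single chi-square byte-frequency test at a 1% threshold against `os.urandom` (the kernel CSPRNG that backs /dev/urandom on Linux), a seeded MT19937, and a constructed biased control; the function names, sample sizes and choice of test are assumptions.

```python
import os
import random
from collections import Counter

Z_99 = 2.3263  # standard normal quantile for a 1% upper tail

def chi2_critical(df=255, z=Z_99):
    """Upper chi-square quantile via the Wilson-Hilferty approximation."""
    a = 2.0 / (9.0 * df)
    return df * (1.0 - a + z * a ** 0.5) ** 3

def chi2_bytes(buf):
    """Pearson chi-square statistic of byte frequencies against uniform."""
    expected = len(buf) / 256.0
    counts = Counter(buf)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def failure_rate(source, runs=200, sample_len=16384):
    """Fraction of independent samples that exceed the critical value."""
    crit = chi2_critical()
    fails = sum(chi2_bytes(source(sample_len)) > crit for _ in range(runs))
    return fails / runs

def mt19937_source(seed):
    """Seeded MT19937 (CPython's random module) as a byte source."""
    rng = random.Random(seed)
    return lambda n: rng.getrandbits(8 * n).to_bytes(n, "little")

def biased_source(n):
    """Constructed control: low bit cleared, so odd byte values never occur."""
    return bytes(b & 0xFE for b in os.urandom(n))

if __name__ == "__main__":
    # A sound generator should fail close to 1% of runs at this threshold;
    # a rate far above that across many runs is the signal worth reporting.
    for name, src in [("os.urandom", os.urandom),
                      ("mt19937", mt19937_source(20150924)),
                      ("biased control", biased_source)]:
        print(f"{name:15s} failure rate: {failure_rate(src):.3f}")
```

A single test at one threshold is far weaker than a full battery, so a clean result here only shows the harness and the expected baseline rate, not the absence of structure in the generator.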