From: Nikos Mavrogiannopoulos <nmav-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Stephan Mueller
<smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org>,
"Michael Kerrisk (man-pages)"
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
tytso-3s7WtUTddSA@public.gmane.org,
Laurent Georget
<laurent.georget-vbcOdlJ0SulGWvitb5QawA@public.gmane.org>,
George Spelvin <linux-gpGsJRJZ3PBBDgjK7y7TUQ@public.gmane.org>
Subject: Re: [PATCH] Update the random(4) documentation towards a more accurate view on /dev/urandom
Date: Fri, 21 Oct 2016 16:38:30 +0200 [thread overview]
Message-ID: <1477060710.3888.14.camel@redhat.com> (raw)
In-Reply-To: <2402524.TIv9Kdt40z-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
On Fri, 2016-10-21 at 16:07 +0200, Stephan Mueller wrote:
> > > -When read, the \fI/dev/random\fP device will return random bytes
> > > -only within the estimated number of bits of noise in the entropy
> > > -pool.
> > > -\fI/dev/random\fP should be suitable for uses that need very
> > > -high quality randomness such as one-time pad or key generation.
> > > +When read, the \fI/dev/urandom\fP device return random bytes
> > > using a
> > > pseudorandom +number generator seeded from the entropy pool. That
>
> Starting with 4.8, there is no nonblocking_pool any more. Please
> refer to the ChaCha20 DRNG.
Hi Stephan,
I am not sure the suggestion above is clear to me. The text above (nor
the rest of the manpage) doesn't mention details about non-
blocking/blocking pools. I intentionally left such details out as they
do not provide information to a reader who is not familiar with the
actual implementation behind it. The CHACHA20 DRNG is another detail
that I wouldn't like the manpage to mention since it is a technical
detail and may even change in the future (e.g., to a faster stream
cipher).
Nevertheless, I find this suggestion orthogonal to my text above. There
may be another update of the manpage to add these details (even though
I wouldn't really like it).
> > +.LP
> > > +The \fI/dev/random\fP device is a legacy interface which dates
> > > back to
> > > +a time where the cryptographic primitives used in the
> > > implementation
> > > +were not widely trusted. It will return random bytes
> > > +only within the estimated number of bits of fresh noise in the
> > > entropy
> > > +pool, blocking if necessary.
> > > +\fI/dev/random\fP is suitable for applications that need very
> > > +high quality randomness, and can afford indeterminate delays.
>
> Would it be possible to add something around getrandom stating that
> it blocks
> until initially 128 bits of entropy are measured before it unblocks
> and
> behaves like /dev/urandom? Maybe it makes even sense to add a
> recommendation
> to use getrandom in favor of /dev/urandom?
Note that this is the manpage on /dev/urandom and /dev/random only.
getrandom() has a separate manpage which lists (or should list) such
information. Said that, indeed this suggestion is right, but I think
this recommendation is mildly already there (the quotes may hide it). It is on the 3rd paragraph:
"When used during early boot time, this device may return data
prior to the entropy pool being initialized. If this is of
concern in your application, use getrandom(2) or /dev/random
instead."
regards,
Nikos
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-10-21 14:38 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-25 8:48 [PATCH] Update the random(4) documentation towards a more accurate view on /dev/urandom Nikos Mavrogiannopoulos
[not found] ` <1461574090.32558.45.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-04-25 15:46 ` George Spelvin
[not found] ` <20160425154605.7445.qmail-HzZAx2gCgqrSUeElwK9/Pw@public.gmane.org>
2016-04-26 14:46 ` Nikos Mavrogiannopoulos
[not found] ` <1461681983.15804.76.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-04-26 16:58 ` George Spelvin
[not found] ` <20160426165847.5804.qmail-HzZAx2gCgqrSUeElwK9/Pw@public.gmane.org>
2016-11-09 15:26 ` Michael Kerrisk (man-pages)
[not found] ` <8a990d27-1fc2-8358-f9d3-c9474d6d8616-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-10 8:21 ` Nikos Mavrogiannopoulos
[not found] ` <1478766102.2642.12.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-10 11:29 ` Michael Kerrisk (man-pages)
2016-08-01 11:48 ` Nikos Mavrogiannopoulos
[not found] ` <1470052099.2926.6.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-10-20 8:37 ` Nikos Mavrogiannopoulos
[not found] ` <1476952646.2522.10.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-10-21 7:21 ` Michael Kerrisk (man-pages)
[not found] ` <8a5e82db-6f8a-2426-4a68-feab205bca57-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-10-21 14:07 ` Stephan Mueller
[not found] ` <2402524.TIv9Kdt40z-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2016-10-21 14:38 ` Nikos Mavrogiannopoulos [this message]
[not found] ` <1477060710.3888.14.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-10-21 14:55 ` Stephan Mueller
2016-10-21 16:33 ` Theodore Ts'o
[not found] ` <20161021163314.cvhjgr4s7lfzdsve-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2016-10-21 16:50 ` Stephan Mueller
[not found] ` <4610047.a51zB7LfZj-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2016-10-21 17:56 ` Theodore Ts'o
[not found] ` <20161021175633.5x5mp2xv3wq4ejjf-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2016-10-21 18:00 ` Stephan Mueller
2016-11-01 9:35 ` Nikos Mavrogiannopoulos
[not found] ` <1477992912.3769.22.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-09 14:58 ` Michael Kerrisk (man-pages)
2016-11-09 15:23 ` Michael Kerrisk (man-pages)
[not found] ` <b07fb334-149d-cf65-74f3-1d1951e5981b-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-10 8:54 ` Nikos Mavrogiannopoulos
[not found] ` <1478768067.2642.23.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-10 9:11 ` Laurent Georget
[not found] ` <3b7ba39b-0434-47ca-7857-257f3c99266b-AyimVQWTEHzsq35pWSNszA@public.gmane.org>
2016-11-10 11:56 ` Michael Kerrisk (man-pages)
2016-11-10 11:50 ` Michael Kerrisk (man-pages)
[not found] ` <e5c1f87c-aad0-b526-a346-74348a36c2a3-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-10 11:53 ` Nikos Mavrogiannopoulos
[not found] ` <1478778837.2642.26.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-10 11:56 ` Michael Kerrisk (man-pages)
[not found] ` <05152136-6943-8ada-3d65-51ef4ce9c1b1-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-10 14:19 ` Michael Kerrisk (man-pages)
2016-11-10 14:20 ` [PATCH] random.4: Improve discussion or urandom, blocking reads, and signals Michael Kerrisk (man-pages)
[not found] ` <4a8c573c-0c19-29d0-248e-74c088968806-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-11 10:28 ` Laurent Georget
[not found] ` <d5eca965-c8b9-51e5-6acb-172e47f85ba0-vbcOdlJ0SulGWvitb5QawA@public.gmane.org>
2016-11-11 11:51 ` Michael Kerrisk (man-pages)
2016-11-12 12:25 ` New random(7) page for review Michael Kerrisk (man-pages)
[not found] ` <cb25213c-a70d-cbf1-6a42-959dcdc1f202-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-11-12 14:03 ` Laurent Georget
[not found] ` <54e6e40c-b840-c773-e739-7faed9664411-AyimVQWTEHzsq35pWSNszA@public.gmane.org>
2016-11-15 6:19 ` Michael Kerrisk (man-pages)
2016-11-13 22:20 ` Theodore Ts'o
[not found] ` <20161113222041.ypnz3sdm3fmjprnn-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2016-11-15 6:41 ` Michael Kerrisk (man-pages)
2016-11-14 8:06 ` Nikos Mavrogiannopoulos
[not found] ` <1479110801.2624.2.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-11-15 6:10 ` Michael Kerrisk (man-pages)
2016-11-11 16:05 ` [PATCH] random.4: Improve discussion or urandom, blocking reads, and signals Theodore Ts'o
[not found] ` <20161111160514.yrlfteowdz4qar76-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2016-11-12 10:54 ` Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1477060710.3888.14.camel@redhat.com \
--to=nmav-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=laurent.georget-vbcOdlJ0SulGWvitb5QawA@public.gmane.org \
--cc=linux-gpGsJRJZ3PBBDgjK7y7TUQ@public.gmane.org \
--cc=linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org \
--cc=tytso-3s7WtUTddSA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).