From: Oliver Xymoron <oxymoron@waste.org>
To: Marco Colombo <marco@esi.it>
Cc: Andreas Dilger <adilger@clusterfs.com>, linux-kernel@vger.kernel.org
Subject: Re: Problem with random.c and PPC
Date: Mon, 19 Aug 2002 09:02:07 -0500 [thread overview]
Message-ID: <20020819140207.GC14427@waste.org> (raw)
In-Reply-To: <Pine.LNX.4.44.0208191034390.26653-100000@Megathlon.ESI>
On Mon, Aug 19, 2002 at 11:29:00AM +0200, Marco Colombo wrote:
> On Sat, 17 Aug 2002, Oliver Xymoron wrote:
>
> > > If you are in there fixing things, it might make sense to have
> > > /dev/urandom extract entropy from the random pool far less often than
> > > /dev/random. This way people who use /dev/urandom for a source of
> > > less-strong randomness (e.g. TCP sequence numbers or whatever), will
> > > not be shooting themselves in the foot for when they need a 2048-byte
> > > PGP key, if they are low on entropy sources.
> >
> > Not sure this is an ideal fix. We might instead have an entropy
> > low-water mark (say 1/2 pool size), below which /dev/urandom will not
> > deplete the pool. This way when we have ample entropy, both devices
> > will behave like TRNGs, with /dev/urandom falling back to PRNG when a
> > shortage is threatened.
>
> How can you make /dev/urandom return something without leaking
> information about the internal pool state to the observer?
> Do you plan to switch to a completely different source and reseed the
> PRNG with data not taken from the pool?
I plan to make a third pool, reseeding from the first. The code
appears to actually be structured with that in mind, it just hasn't
been done.
> In my experience, there's little you can do when the entropy demand is
> higher than the rate at which the kernel collects it. Either we implement
> /dev/random quotas, or it will be always easy to drain the internal pool
> from userspace.
Root can decide, for instance, to make /dev/random privileged to some
group if important_set is getting starved by unimportant_set.
> I'd say that /dev/urandom interface is somewhat broken: the application
> either can live with an almost pure PRNG (and use an userspace
> implementation) or needs true, pure and strong randomness. The programmer
> should know the mimimal need for true randomness of the application.
> For every application that uses /dev/urandom, it's 0 by definition of
> /dev/urandom, and the application should just use an userspace PRNG.
Many actually do this. I believe OpenSSL merely seeds though I'd have
to doublecheck.
> If you need a weak solution (a perturbated PRNG), just read a few bits
> from /dev/random at times (but in a controlled and defined way).
It might be helpful to think of /dev/urandom as akin to /dev/random with
O_NONBLOCK. "Give me stronger bits if you got 'em" is desirable,
otherwise this thread would be much shorter.
--
"Love the dolphins," she advised him. "Write by W.A.S.T.E.."
next prev parent reply other threads:[~2002-08-19 13:58 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-08-16 10:00 Problem with random.c and PPC Jon Burgess
2002-08-16 19:52 ` Oliver Xymoron
2002-08-16 17:51 ` henrique
2002-08-16 21:21 ` Ruth Ivimey-Cook
2002-08-17 0:47 ` Oliver Xymoron
2002-08-17 0:45 ` Oliver Xymoron
2002-08-17 6:05 ` Andreas Dilger
2002-08-17 7:23 ` Oliver Xymoron
2002-08-17 9:09 ` Andreas Dilger
2002-08-17 16:56 ` Oliver Xymoron
2002-08-19 9:29 ` Marco Colombo
2002-08-19 14:02 ` Oliver Xymoron [this message]
2002-08-19 15:11 ` Marco Colombo
2002-08-19 15:29 ` Oliver Xymoron
2002-08-19 16:20 ` Marco Colombo
2002-08-19 16:33 ` Oliver Xymoron
2002-08-19 20:23 ` Marco Colombo
2002-08-22 3:16 ` David Wagner
2002-08-16 20:52 ` Chris Friesen
2002-08-17 0:29 ` Oliver Xymoron
2002-08-22 3:19 ` David Wagner
2002-08-22 15:40 ` Chris Friesen
2002-08-22 17:25 ` Remco Post
-- strict thread matches above, loose matches on Subject: below --
2002-08-15 16:10 henrique
2002-08-15 15:14 henrique
2002-08-15 18:25 ` Andreas Dilger
2002-08-15 19:03 ` Tom Rini
2002-08-15 19:59 ` Andreas Dilger
2002-08-15 21:04 ` Tom Rini
2002-08-16 1:50 ` H. Peter Anvin
2002-08-16 16:33 ` Oliver Xymoron
2002-08-16 16:28 ` Oliver Xymoron
[not found] ` <20020816170126.GD26993@opus.bloom.county>
2002-08-16 17:15 ` Oliver Xymoron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020819140207.GC14427@waste.org \
--to=oxymoron@waste.org \
--cc=adilger@clusterfs.com \
--cc=linux-kernel@vger.kernel.org \
--cc=marco@esi.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox