From: "Theodore Ts'o" <tytso@mit.edu>
To: Greg Price <price@mit.edu>, "H. Peter Anvin" <hpa@zytor.com>
Cc: linux-kernel@vger.kernel.org, Jiri Kosina <jkosina@suse.cz>
Subject: Re: [PATCH 00/11] random: code cleanups
Date: Wed, 13 Nov 2013 01:08:07 -0500 [thread overview]
Message-ID: <20131113060807.GA11394@thunk.org> (raw)
In-Reply-To: <52830546.8010002@zytor.com> <20131113042303.GY8043@ringworld.MIT.EDU>
On Tue, Nov 12, 2013 at 11:23:03PM -0500, Greg Price wrote:
> > The basic idea is that we don't want to break systems, but we do want
> > to gently coerce people to do the right thing. Otherwise, I'm worried
> > that distros, or embedded/mobile/consume electronics engineers would
> > just patch out the check.
>
> That's a good idea. I've worried about the same thing, but hadn't
> thought of that solution.
I think the key is that we set a default of requiring 128 bits, or 5
minutes, with boot-line options to change the defaults. BTW, with the
changes that are scheduled for 3.13, this shouldn't be a problem on
most desktops. From my T430s laptop:
...
[ 4.446047] random: nonblocking pool is initialized
[ 4.542119] usb 3-1.6: New USB device found, idVendor=04f2, idProduct=b2da
[ 4.542124] usb 3-1.6: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 4.542128] usb 3-1.6: Product: Integrated Camera
[ 4.542131] usb 3-1.6: Manufacturer: Chicony Electronics Co., Ltd.
[ 4.575753] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 4.653338] udevd[462]: starting version 175
...
[ 6.253131] EXT4-fs (sdc3): re-mounted. Opts: (null)
So even without adding device attach times (which is on the todo list)
the /dev/urandom pool is getting an estimated 128 bits of entropy
almost two seconds *before* the root file system is remouted
read/write.
(And this is also before fixing the rc80211 minstrel code to stop
wasting about two dozen bits of entropy at startup --- it's using
get_random_bytes even though it doesn't actually need
cryptographically secure random numbers.)
This is why I've been working improving the random driver's efficiency
in getting the urandom pool as soon as possible, as higher priority
than adding blocking-on-boot for /dev/urandom.
> And, pray tell, how will you know that you have done that?
>
> Even the best entropy estimation algorithms are nothing but estimations,
> and min-entropy is the hardest form of entropy to estimate.
Of course it's only an estimate. Some researchers have looked into
this and their results show that at least for x86 desktop/servers, we
appear to be conservative enough in our entropy estimation. But
ultimately, yes, that is an issue which I am concerned about. But I
believe that's a separable problem that we can work on separately from
other /dev/random issues --- and I'm hoping we can get some students
to study this problem on a variety of different hardware platforms and
entropy sources.
- Ted
next prev parent reply other threads:[~2013-11-13 6:08 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-07 23:57 [PATCH 00/11] random: code cleanups Greg Price
2013-11-07 23:57 ` [PATCH 01/11] random: fix typos / spelling errors in comments Greg Price
2013-11-07 23:58 ` [PATCH 02/11] random: fix comment on proc_do_uuid Greg Price
2013-11-07 23:58 ` [PATCH 03/11] random: fix description of get_random_bytes Greg Price
2013-11-07 23:58 ` [PATCH 04/11] random: simplify loop in random_read Greg Price
2013-11-07 23:58 ` [PATCH 05/11] random: declare trickle_count unsigned Greg Price
2013-11-07 23:58 ` [PATCH 06/11] random: fix comment on "account" Greg Price
2013-11-07 23:58 ` [PATCH 07/11] random: simplify accounting code slightly Greg Price
2013-11-07 23:59 ` [PATCH 08/11] random: simplify accounting logic Greg Price
2013-11-07 23:59 ` [PATCH 09/11] random: forget lock in lockless accounting Greg Price
2013-11-07 23:59 ` [PATCH 10/11] random: pull 'min' check in accounting to inside lockless update Greg Price
2013-11-07 23:59 ` [PATCH 11/11] random: simplify accounting code Greg Price
2013-11-12 4:24 ` [PATCH 00/11] random: code cleanups Theodore Ts'o
2013-11-12 22:40 ` Greg Price
2013-11-13 3:32 ` Theodore Ts'o
2013-11-13 4:02 ` H. Peter Anvin
2013-11-13 4:37 ` Greg Price
2013-11-13 4:51 ` H. Peter Anvin
2013-11-13 6:06 ` Greg Price
2013-11-13 4:23 ` Greg Price
2013-11-13 6:08 ` Theodore Ts'o [this message]
2013-11-13 6:28 ` Greg Price
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131113060807.GA11394@thunk.org \
--to=tytso@mit.edu \
--cc=hpa@zytor.com \
--cc=jkosina@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=price@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).