public inbox for linux-kernel@vger.kernel.org
From: Jan Ceuleers <jan.ceuleers@computer.org>
To: Alexander Konovalenko <alexkon@gmail.com>, linux-kernel@vger.kernel.org
Subject: Re: Reading entropy_avail file appears to consume entropy
Date: Mon, 05 Apr 2010 09:50:44 +0200
Message-ID: <4BB99654.4090203@computer.org>
In-Reply-To: <b7822cd7-97f3-489e-a16b-686b0419d3f2@k19g2000yqn.googlegroups.com>

Alexander Konovalenko wrote:
> On Mar 19, Jan Ceuleers wrote:
>> I'm using the 2.6.31 kernel that comes with Ubuntu 9.10.
>>
>> If I
>>
>>    # watch cat /proc/sys/kernel/random/entropy_avail
>>
>> then the size of the entropy pool falls rapidly (by more than 200 bytes per 2s interval).
>> It settles down around 160 bytes.
> 
> Jan, did you find out anything interesting about this issue?
> 
> I have a wild guess, although I have no idea whether it can be
> correct. I couldn't catch any user-space /dev/random or /dev/urandom
> readers with fuser, so I think something in the kernel is using up the
> entropy. If I remember correctly, recent Ubuntu releases were supposed
> to include a security feature that randomizes memory layout in order
> to mitigate some kinds of security vulnerabilities. What if each time
> a new process is started the kernel needs to obtain a significant
> number of random bytes? Here is some supporting evidence. I can
> reproduce the behavior you describe on a vanilla Ubuntu 9.10 system
> (without latest updates). But if I watch entropy_avail using a Python
> script that does not start a new process every time, then the
> available entropy amount won't decrease. (The system is otherwise
> idle.) Give it a try:
> 
> $ python
> import sys, time
> while True:
>   sys.stdout.write(open('/proc/sys/kernel/random/entropy_avail', 'r').read())
>   time.sleep(1)
> 
> It would be great if someone with knowledge about this could confirm
> or refute my guess.
> 
>  -- Alexander
> 

Alexander,

Thanks, this never made it out to LKML so I'm forwarding it now.

This does sound quite plausible; does anyone from Ubuntu want to chip in?

Thanks, Jan
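
One way to test the guess quoted above, as an added example that is not part of either message: sample the counter in-process while doing nothing, then while starting one child process per sample, and compare how far it falls. The helper names and the use of `true` as the child process are assumptions of this example.

```python
import subprocess

# Path taken from the thread.
ENTROPY_PATH = "/proc/sys/kernel/random/entropy_avail"


def read_entropy(path=ENTROPY_PATH):
    """Read the counter in-process, without starting a new process."""
    with open(path) as f:
        return int(f.read())


def spawn_child():
    """Start and reap one short-lived process, as each `watch cat` tick does."""
    # Assumption: a `true` binary is on PATH; any trivial program would do.
    subprocess.run(["true"], check=True)


def total_drop(samples):
    """Sum only the decreases between consecutive samples; refills are ignored."""
    return sum(max(a - b, 0) for a, b in zip(samples, samples[1:]))


def measure(action, rounds, reader=read_entropy):
    """Run `action` `rounds` times, sampling the counter in-process around each run."""
    samples = [reader()]
    for _ in range(rounds):
        action()
        samples.append(reader())
    return total_drop(samples)


def compare(rounds=50, reader=read_entropy, spawn=spawn_child):
    """Return (drop with no process creation, drop with one exec per round)."""
    idle = measure(lambda: None, rounds, reader)
    spawning = measure(spawn, rounds, reader)
    return idle, spawning


if __name__ == "__main__":
    idle, spawning = compare()
    print("drop while only reading in-process: %d" % idle)
    print("drop with one fork/exec per sample: %d" % spawning)
```

Run it on an otherwise idle system; a spawning drop well above the idle drop supports the guess that process creation, not the read itself, draws on the pool.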
