[onerng talk] /dev/random on Linux ...
Bill Cox
waywardgeek at gmail.com
Sat Dec 20 21:23:11 GMT 2014
I bypassed rngd and write directly to /dev/random. One very cool thing
about the modular noise multiplier is the very accurate estimate of the
entropy I am adding. Basically anyone using /dev/urandom effectively is
mounting a denial of service attack against people who need true random
data. Also the entropy mixing code has a problem in that it takes tiny
amounts of entropy in at a time, enabling certain attacks. Because of these
weaknesses I feel it is reasonable for some people to bypass the system
entropy pool, but this is also asking for trouble. I do not know why this
code is not modernized.
Bill
On Dec 20, 2014 4:52 AM, "Jim Cheetham" <jim at gonzul.net> wrote:
> A couple of days ago I received this message from Thomas Hühn <t at 2uo.de>
> :-
>
> > Hi Jim,
> >
> > On http://onerng.info/random.html you claim that "This interface
> internally does exactly the same as /dev/random, except that when the
> entropy pool is close to exhaustion it will instead start to deliver data
> from a software device, a PRNG that has been seeded from 'good' random
> data.".
> >
> > That's wrong. The _only_ difference between /dev/random and /dev/urandom
> on Linux is that the latter doesn't care about the amount of estimated
> entropy in the pool(s).
> >
> > The output of /dev/random is hashed and processed in exactly the same
> way as the output of /dev/urandom, there is no PRNG exclusive to the latter.
> >
> > You can find more details in
> http://www.2uo.de/myths-about-urandom/#structure
>
> I've done a fair bit of reading based on that link of his, and of
> course it opens up some more questions. I certainly used to assume
> that /dev/random's source of data was different to /dev/urandom's, and
> a quick read through random.c does indeed back up Thomas' description
> that they are indeed the same.
>
> However, given that, I don't yet understand how re-seeding is affected
> by the entropy collector processes, I'm a little confused about
> initial seeding and how that relates to key generation, and I'm really
> stuck as to what the entropy estimate counter is trying to achieve.
>
> None of this directly affects OneRNG and its goals; it does mean that
> the default benefit to a Linux system needs more consideration, and I
> have to tighten up some of the text I've written on the website & put
> into presentations.
>
> I'd appreciate some other people having a look at this article and
> giving me their comments :-)
>
> -jim
>
> --
>
> View topic http://lists.onerng.info/r/topic/1Y0BjLuZzH3giPaU8oz948
>
> Leave group mailto:onerng-talk at lists.onerng.info?Subject=unsubscribe
>
> Start groups http://OnlineGroups.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20141220/eccad8bf/attachment.html>
More information about the Discuss
mailing list